[Openswan Users] Help:how to do ESPinUDP?

[swcims]

Paul Wouters,
	Sorry about my incorrectly using "urgent".
	You know,super-fs 1.99.8 on my mips linux 2.4.17 works well.I have no time enough to use openswan-2 instead.So,I think the quick way is to use a good nat-t patch for super-fs.I ever heard that super-fs1.99.8 has nat-t inside.
	I read draft-ietf-ipsec-udp-encaps-08.txt.It seems that every ipsec/esp packet should be "espinudp" encapsulation.But when I use "pluto --nat_traversal",I can't find this encapsulation in ISKAMP or ESP packet.Would openswan-2 make every ipsec traffic encapsulated?
	Would you please provide some suggestion?Thank you very much!
	

======= 2004-08-17 17:51:32 wrote:=======

>On Tue, 17 Aug 2004, swcims wrote:
>
>Hi "swcims",
>
>> Hi,all
>> 	I am using super-fs 1.9.8 on linux 2.4.17 and it works well.Now I'd like it to support "draft-ietf-ipsec-udp-encaps-08.txt" and "draft-ietf.ipsec-nat-t-ike-08.txt",so I use "pluto --nat_traversal" command.Is this command enough for that requirement?
>> 	I think,according to draft-ietf-ipsec-udp-encaps-08,every ipsec packet should be "espinudp" encapsulation.But it seems to freeswan that it doesn't do this encapsulation when there is nat device between!Is it a problem?
>> 	Any suggestion is highly appreciated!
>
>You cc:ed me on this urgent message. I am providing user support on the 
>mailinglists at no cost. This means you cannot ask "urgent" requests
>from me.
>If you really need urgent assistance from Xelerance, we can talk about 
>a support contract.
>
>There has been talk on the openswan-dev list about nat-t support in the 
>kernel. In 2.6 this has been fixed. I am not entire sure about the state
>in 2.4, but 2.4.17 is surely too old.
>Apart from that, any superfreeswan kernel patch will have an too old,
>broken nat-t patch in it. 
>
>I recommend switching from superfreeswan to openswan-2.
>
>Paul
>
>
>
>.

= = = = = = = = = = = = = = = = = = = =
			
	Best Regards,
 
				 
        swcims
        swcims at 163.com
          2004-08-17