[Openswan Users] Re: Help:how to do ESPinUDP?

[Paul Wouters]

On Tue, 17 Aug 2004, swcims wrote:

> 	You know,super-fs 1.99.8 on my mips linux 2.4.17 works well.I have no time enough to use openswan-2 instead.So,I think the quick way is to use a good nat-t patch for super-fs.I ever heard that super-fs1.99.8 has nat-t inside.

I have made openwrt (linksys wrt54g MIPS) packages available for
openswan-2 on ftp://ftp.openswan.org/openswan/binaries/openwrt/
The only thing that is needed are the correct Makefile.inc settings
and some environment variables to point to the right cross compiler.

Alternatively, grab the latest openswan and run 'make nattpatch' >
yourpatchfile.txt. This will at least give you the latest nat-t patch
for the kernel, even though your superfreeswan userland will have limited
support for nat traversal.

> 	I read draft-ietf-ipsec-udp-encaps-08.txt.It seems that every ipsec/esp packet should be "espinudp" encapsulation.But when I use "pluto --nat_traversal",I can't find this encapsulation in ISKAMP or ESP packet.Would openswan-2 make every ipsec traffic encapsulated?

superfreeswan does not support forcing nat-t. It will be done on a case
to case basis, depending on the nat-t vendorid negotiation's result.

openswan also has the 'starter' tool that makes it easier to start
openswan without the use of many scripts, something that you seem to be
trying to do for your embedded MIPS platform.

Paul