[Openswan Users] Openswan 1.0.0 and RHES3

Michael Richardson mcr at sandelman.ottawa.on.ca
Sat Jan 3 19:39:27 CET 2004


In general, the NAT-T patch is going to start showing up.

For OSW 2.1.0, I've been trying to decide exactly what to do.

    1) you can not build a standalone module that does NAT-T as it stands.

    2) if you are building a static kernel, and NAT-T is already there,
       then it fails.

    3) if you have a kernel that is already patched, then the module build
       ought to support it.

Ideally, I'd like to not care if the NAT-T patch is there. There is already
some code to deal with this.

One solution is to get rid of the different traversal methods. That gets rid
of the need for ipsec_rcv() to know which method was used, and therefore the
sock.h patch, which is the most annoying part.

A solution to the udp.c patch is to have a netfilter module to do the same
thing. 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

