[Openswan Users] klips with nat-t on a 2.4 kernel with the 26sec backport?

Nate Carlson natecars at natecarlson.com
Tue May 18 19:33:57 CEST 2004


On Tue, 18 May 2004, Michael Richardson wrote:
> >>>>> "Nate" == Nate Carlson <natecars at natecarlson.com> writes:
>     Nate> As I understand it, the problem is that Klips supports a
>     Nate> couple different kinds of NAT Traversal specifications, and
>     Nate> the 26sec kernel patch only supports one. Is that correct?
> 
>   Yes, 26sec supports the latest one.
> 
>     Nate> If that is indeed the case, how tough would it be to get a patch that
>     Nate> would make Pluto only attempt to negotiate the 26sec-supported
>     Nate> ESPinUDP method, or prefer that method over the rest of them?
>     Nate> I tried looking over 
> 
>   This should already be the case.
>   I'm not exactly sure what is going on - perhaps pluto gets confused as
> to which kind 26sec actually supports.

Not sure if you saw the previous parts of the thread - I'm running klips
on a 2.4 kernel that has the 26sec backport in it, so instead of the UDP
encapsulation code contained in 'openswan-2.1.2rc5.natt.patch.gz', it's
using the code included with 26sec.

My gut feeling (could be 100% wrong) is that the pluto code just looks
"KLIPS or 26sec?", and if it sees KLIPS, assumes that we're using the UDP
encaps code in the patch instead of the 26sec encaps code, and picks a
standard that won't work on the UDP encaps code. I don't know enough about
the code to verify this, though - I took a look, and was utterly confused.  
:)

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------

