[Openswan Users] NAT-T disabled

Magnus Hyllander mhypub1 at hyllander.org
Sun May 30 20:18:33 CEST 2004


Magnus Hyllander wrote:

> May 27 02:01:09 fleming ipsec__plutorun: 003 NAT-Traversal: 
> ESPINUDP(1) not supported by kernel -- NAT-T disabled
>
> Any ideas what is going wrong here? What does the warning about route 
> filtering mean, and why doesn't the kernel support ESPINUDP?

Well, I finally found out why NAT-T was disabled: you have to enable it 
before rebuilding the kernel.

If you follow the installation instructions in the openswan README 
exactly, it doesn't work. I think it would be a good idea to mention 
that after applying the NAT-T patch, you also have to reconfigure the 
kernel (e.g. "make menuconfig") and enable the 
CONFIG_IPSEC_NAT_TRAVERSAL option. That little piece of information is 
missing in section 2.1 in the README. Once you've done this you can 
proceed with building and installing the kernel and openswan.

/Magnus



More information about the Users mailing list