[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Dec 20 16:38:03 CET 2005


On Mon, 19 Dec 2005, Dirk Nehring wrote:

> > Well, I'm not sure if the combination PSK, NAT-T and transport mode is
> > officially supported by Openswan. So you might have to ditch that PSK.
> > I have moved the thread to the users mailinglist because I am not yet
> > convinced this is a developers issue.
>
> something gets broken between 2.3.1 and 2.4.0. For me it's a dev-issue,
> __if__ transport mode is supported.

Correct, a few things broke. Most of those are fixed in 2.4.5rc3.

> Works with 2.3.1 without problems, but since 2.4.0dr??? it doesn't work
> anymore. Currently I'm using kernel version 2.6.14.3. I can give you a
> test account if you like to check it by yourself.

Are you using klips or netkey? klips incorrectly didn't set the mtu on
the interface, causing a lot of really small packets to be sent. The
following fix (from cvs) needs to be applied to 2.4.5dr3 in ipsec_xmit.c
around line 400:

        ixs->physmtu = ixs->physdev->mtu;
+       ixs->cur_mtu = ixs->dev->mtu;
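
Review bot: the added `ixs->cur_mtu = ixs->dev->mtu;` dereferences `ixs->dev` with no NULL check visible in this fragment, so confirm that `ixs->dev` is validated before this point in ipsec_xmit.c, just as `ixs->physdev` has to be for the context line above it. A short comment stating why `cur_mtu` is initialised from `ixs->dev` while `physmtu` comes from `ixs->physdev` would also help, because the fragment has no hunk header and is located only as "around line 400".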

Or check out the 2_4_x branch using cvs.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)

