RES: [Openswan Users] kernel 2.6 + openswan 2.4.5 = not NAT-T support

Domingo Antonio domingo at
Thu Apr 13 14:18:56 CEST 2006

yes i did it, but when i run ipsec verify command...

Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.5rc7 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

does this patch create a /proc/net/ipsec/natt directory?
in my /proc/net/ipsec/ there is no natt dir..

thanks a lot!!!

-----Mensagem original-----
De: Paul Wouters [mailto:paul at] 
Enviada em: quinta-feira, 13 de abril de 2006 13:16
Para: Domingo Antonio
Cc: Users at
Assunto: Re: [Openswan Users] kernel 2.6 + openswan 2.4.5 = not NAT-T

On Thu, 13 Apr 2006, Domingo Antonio wrote:

> 	I have a kernel 2.6.16 and openswan 2.4.5
> 	I have been applied openswan-2.4.5rc7.kernel-2.6-klips.patch and 
> openswan-2.4.5rc7.kernel-2.6-natt.patch, but there is no NAT-T entry 
> in /proc/net/ipsec/natt... when i run ipsec verify commando i get 
> FAILED in nat traversal support...

Did you run "make oldconfig" in the linux tree and answer "yes" to the new

Note that there is also a bug in the udp checksum handling when openswan is
behind NAT. See for a workaround.


More information about the Users mailing list