[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall
Paul Wouters
paul at xelerance.com
Wed Feb 1 19:15:42 CET 2006
On Wed, 1 Feb 2006, Kimberly Knowles Nico wrote:
> I am reluctant to go with a non-EL-blessed kernel, but for the heck of it I
> attempted to build 2.4.5rc4. I am quite sure I need the NAT-T patch, because I
> intend to use it behind a NATed router. But the patch failed.
the NAT-T patch is only for use with KLIPS, not NETKEY. RHEL3 ships with NETKEY,
an old broken version of NETKEY that is, and so you cannot patch the NAT-T KLIPS
patch, and you cannot use KLIPS on these systems.
I have said it before and I will say it again, "RHEL3 is the worst system to try
and run IPsec on, since its NETKEY is broken and you cannot install KLIPS on it."
Paul
More information about the Users
mailing list