[Openswan Users] NAT-T Help

Peter McGill petermcgill at goco.net
Tue Nov 28 16:39:17 EST 2006

I'm running Openswan 2.4.6 on Kernel 2.4.31.
I have 7+ offices linked using Openswan (without NAT-T).
They work great.
I added a L2TP/IPSec server connection to our main one (without NAT-T).
Again it works fine.

I wanted to add NAT-T support to that server so that employee's can access from home networks.
I enabled NAT-T in ipsec.conf.
config setup

conn remote-client-to-london-office-server

I patched the kernel with the NAT-T patch.
cd /usr/src/linux-2.4.31; patch -p1 < openswan-2.4.6.kernel-2.4-natt.patch
(Enabled NAT-T in config, recompiled, installed the new kernel and rebooted).
Everything appeared to go alright.
NAT-T support appears to be compiled in, as I don't see this in the log anymore.
Nov 28 15:52:13 sheridan pluto[1746]: NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4

But now all my old office to office connections don't work.
They all get stuck on Main I1, initiating the connection (initiated from either end.)
But I don't see any error messages explaining what's wrong.
I checked my firewall logs (both ends) and it doesn't appear to be dropping anything.

Any suggestions?

I don't need to compile NAT-T on all the servers do I?
That would be a real chore to synchronize.

In the meantime I've reverted to my old kernel.

Peter McGill

More information about the Users mailing list