[Openswan Users] Openswan and Kernel Source

David McCullough David_Mccullough at securecomputing.com
Sun Jan 13 19:21:21 EST 2008

Jivin assiduus at poczta.internetdsl.pl lays it down ...
> Dnia Pt Stycznia 11 2008, 7:43 pm, Anonymous70 napisał(a):
> > I have tried patching a with
> > openswan-2.4.9-kernel-2.6-klips.patch.gz and
> > openswan-2.4.9-kernel-2.6-natt.patch.gz Results:
> > 1. natt patch fails
> > 2. klips even though applied successfully I still get NETKEY
> As far as I remember, Changelog to the lastest (2.4.11) release of
> Openswan stated that KLIPS'es NAT-T doesn't work with 2.6.23+ - don't know
> how it relates to the 2.4.9 release but I suppose it still might apply.
> Actually, you managed to go one step further than I did - not only did I
> not manage to apply the NAT-T patch, I also failed with compiling the
> kernel after patching it with the KLIPS patch. ;) As for the second part
> of your post, what I did was to include NETKEY in the kernel as a module
> (along with the rest of the code it needs) and compiled KLIPS also as a
> module so if you don't personally load af_key with, for instance,
> modprobe, you'll get KLIPS and if you do, you'll get NETKEY (at least this
> is how it works for me with 2.4.11).

I posted a non-official nat-t patch for 2.6.23 a while back:


should be easier to get working than the 2.4.9 version,


David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com

More information about the Users mailing list