[Openswan Users] Status of NAT-T

David McCullough David_Mccullough at securecomputing.com
Tue Jan 13 05:37:44 EST 2009

Jivin P.Freitag at kellergrundbau.at lays it down ...
> Hello Everybody!
> Beforehand I  want to apologize if this question has been aked before - 
> please point me to the relevant texts in that case, as I was not able to 
> find anything about it.
> The question is:
> Up to which kernel-version does the nat-t patch work? 
> (make nattpatch | (cd /usr/src/linux/ && patch -p1)) produces 5 failed 
> hunks in udp.c ( and openswan 2.6.20rc1)
> I would like to use KLIPS, but have to use a kernel higher then 
> due to some driver issues - and sadly wasn't able to find a natt-t patch 
> which works with it or any other higher kernel-version, so i have to stick 
> to netkey which I don't like.
> I've also read some hints about future development which will make the 
> natt patches obsolete? Is there some sort of roadmap available about it?

I am running openswan with nat-t on linux-2.6.26 ok.  I think I have pushed the
updated nat-t patch stuff to paul.  It's may not be the ideal way to do
the nat-t support but it works ok as far as I have tested it.

I am not sure how you should create the patch though. I thought you no
longer needed to do the 'make nattpatch' bit,  but I could be wrong.

Either way.  if there are no better ideas I can generate a linux-2.6.26
patch for use with openswan-2.6.20dr2 (and some earlier ones) without
too much problem.


David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org   http://www.snapgear.com

More information about the Users mailing list