[Openswan Users] Status of NAT-T
David_Mccullough at securecomputing.com
Tue Jan 13 05:37:44 EST 2009
Jivin P.Freitag at kellergrundbau.at lays it down ...
> Hello Everybody!
> Beforehand I want to apologize if this question has been aked before -
> please point me to the relevant texts in that case, as I was not able to
> find anything about it.
> The question is:
> Up to which kernel-version does the nat-t patch work?
> (make nattpatch | (cd /usr/src/linux/ && patch -p1)) produces 5 failed
> hunks in udp.c (220.127.116.11 and openswan 2.6.20rc1)
> I would like to use KLIPS, but have to use a kernel higher then 18.104.22.168
> due to some driver issues - and sadly wasn't able to find a natt-t patch
> which works with it or any other higher kernel-version, so i have to stick
> to netkey which I don't like.
> I've also read some hints about future development which will make the
> natt patches obsolete? Is there some sort of roadmap available about it?
I am running openswan with nat-t on linux-2.6.26 ok. I think I have pushed the
updated nat-t patch stuff to paul. It's may not be the ideal way to do
the nat-t support but it works ok as far as I have tested it.
I am not sure how you should create the patch though. I thought you no
longer needed to do the 'make nattpatch' bit, but I could be wrong.
Either way. if there are no better ideas I can generate a linux-2.6.26
patch for use with openswan-2.6.20dr2 (and some earlier ones) without
too much problem.
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
More information about the Users