[Openswan Users] Newbie question - Openswan 2.x KLIPS & NAT-T patches for kernel >= 2.6.24

Paul Wouters paul at xelerance.com
Mon Jul 6 11:40:59 EDT 2009

On Mon, 6 Jul 2009, John Mok wrote:

> I am using a Internet gateway running Ubuntu 8.04 LTS (kernel 2.6.24),
> and would like to add openswan to it. I am a little bit confused. What
> is the difference between openswan 2.4.x and openswan 2.6.x? Which is
> more stable for production?

2.4.x is in maintenance mode, but 2.6.x unfortunately has a bug when
used with leftprotoport/rightprotoport, which is required for L2TP based
vpn connections. Only use 2.4.x if you plan to use those.

> I tried to apply the KLIPS and NAT-T patches of openswan 2.4.15 to
> kernel 2.6.24, and come up with an compile error like :-
> http://lists.openswan.org/pipermail/users/2008-July/015039.html
> I hope someone could point me how to get and apply the KLIPS and NAT-T
> patches for kernel 2.6.24

If you use openswan 2.6.x, you should NOT apply the nat-t patch to
kernels >= 2.6.23

If you use openswan 2.4.x, then the KLIPS patch might take some manual
patch work to get going. We have not updated 2.4.x to work with the
latest linux kernels. But you can look at the simiar code in 2.6.x to
figure out what's wrong with the 2.4.x. code.


More information about the Users mailing list