[Openswan Users] Bug 1021 Workaround ? O2.6.21+K2.6.25+NAT-T
samuel_formulaires
samuel_formulaires at numlog.fr
Tue May 12 10:01:49 EDT 2009
Paul Wouters a écrit :
> On Thu, 7 May 2009, Samuel Forms wrote:
>
>> - Openswan 2.6.21
>> - with patches from ftp://ftp.openswan.org/openswan/testing/nat-t/
>> - vanilla Kernel 2.6.25 (User Mode Linux, not a real machine)
>
> You might want to try the git version, and see if that resolves your
> issue. Particularly with commit:
> Fixes to new nat-t code (HAVE_UDP_ENCAP_CONVERT ) [mcr]
> Some ipsec_tunnel KLIPS cleanups [mcr]
>
> To get that tree, use:
>
> git clone git://gsoc.xelerance.com/openswan.gsoc
>
> I'd be interested to see if the NAT-T thing and mast0 issue is
> resolved with that.
>
> Paul
- 2.6.22dr1 indeed fixes the ipsec0/mast0 thing, now even when
nat_trav=yes, I see netif_rx(ipsec0) instead of (mast0) in debug and VPN
works
- seems like i no longer have the inactivity problem (when no trafic
through VPN for hours, must down/up tunnel)
BUT
I did have to apply ftp://ftp.openswan.org/openswan/testing/nat-t/*,
otherwise it seems to search for old style natt (which fails because
make nattpatch fails on K2.6.25), while you replied "No" to my question :
> Do I use ftp://ftp.openswan.org/openswan/testing/nat-t/ like I did on
> openswan-2.6.21 ?
No. <<----
Can this NAT-T patches stuff be cleared ?
More information about the Users
mailing list