[Openswan Users] Bug 1021 Workaround ? O2.6.21+K2.6.25+NAT-T

samuel_formulaires samuel_formulaires at numlog.fr
Tue May 12 10:01:49 EDT 2009


Paul Wouters a écrit :

> On Thu, 7 May 2009, Samuel Forms wrote:
>
>> - Openswan 2.6.21
>> - with patches from ftp://ftp.openswan.org/openswan/testing/nat-t/
>> - vanilla Kernel 2.6.25 (User Mode Linux, not a real machine)
>
> You might want to try the git version, and see if that resolves your
> issue. Particularly with commit:
> Fixes to new nat-t code (HAVE_UDP_ENCAP_CONVERT ) [mcr]
> Some ipsec_tunnel KLIPS cleanups [mcr]
>
> To get that tree, use:
>
> git clone git://gsoc.xelerance.com/openswan.gsoc
>
> I'd be interested to see if the NAT-T thing and mast0 issue is
> resolved with that.
>
> Paul


- 2.6.22dr1 indeed fixes the ipsec0/mast0 thing, now even when 
nat_trav=yes, I see netif_rx(ipsec0) instead of (mast0) in debug and VPN 
works
- seems like i no longer have the inactivity problem (when no trafic 
through VPN for hours, must down/up tunnel)

BUT
I did have to apply ftp://ftp.openswan.org/openswan/testing/nat-t/*, 
otherwise it seems to search for old style natt (which fails because 
make nattpatch fails on K2.6.25), while you replied "No" to my question :

> Do I use ftp://ftp.openswan.org/openswan/testing/nat-t/ like I did on
> openswan-2.6.21 ?

No. <<----

Can this NAT-T patches stuff be cleared ?


More information about the Users mailing list