[Openswan Users] Bug 1021 Workaround ? O2.6.21+K2.6.25+NAT-T

Paul Wouters paul at xelerance.com
Tue May 12 13:46:07 EDT 2009

On Tue, 12 May 2009, samuel_formulaires wrote:

> - 2.6.22dr1 indeed fixes the ipsec0/mast0 thing, now even when
> nat_trav=yes, I see netif_rx(ipsec0) instead of (mast0) in debug and VPN
> works

Thanks for the feedback on this

> - seems like i no longer have the inactivity problem (when no trafic
> through VPN for hours, must down/up tunnel)

Good :)

> I did have to apply ftp://ftp.openswan.org/openswan/testing/nat-t/*,
> otherwise it seems to search for old style natt (which fails because
> make nattpatch fails on K2.6.25), while you replied "No" to my question :
>> Do I use ftp://ftp.openswan.org/openswan/testing/nat-t/ like I did on
>> openswan-2.6.21 ?
> No. <<----
> Can this NAT-T patches stuff be cleared ?

I am doing some testing right now to determine the exact status. The idea
is to incorporate the those testing/nat-t, which no longer patch the kernel,
into openswan so no separate patches are needed and klips can be build as
a module with full nat-t support.

I'll get back to you on this one.


More information about the Users mailing list