Thanks for all the help here, > > > Perhaps Rene wants to enable this per default. > > Might be an option, but I used to set it off by default because it > > broke > > stuff in earlier freeswan releases (where I applied the > NAT-T patch). Is > > it "safe" now, i.e. is _everything_ expected to work with > NAT-T being on > > that work when it is disabled ? > > AFAIK, yes. Just make sure you have: > > USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true > > in Makefile.inc. Note the _MODE part, which was missing in > previous versions, and might still be missing in 2.1.1. (It > is fixed in cvs) This is neccessary for WinXP/2K > > For the native stack, also apply the fix from Nate that > changed a test -d to a test -f for /proc/modules in _startklips.
I've done this... > Paul I think the major issue was placing nat_traversal=yes in the conn section rather than the config. I expected that this would be a conn setting as it is only needed for specific connections. Strange that I didn't get any errors when restarting ipsec when I did this. Thanks again to all, Lewis
