On Tue, 18 May 2004, Rene Mayrhofer wrote:

> > USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
> >
> > in Makefile.inc. Note the _MODE part, which was missing in previous versions,
> > and might still be missing in 2.1.1. (It is fixed in cvs)
> > This is necessary for WinXP/2K
> Ok, added this to Makefile.inc.
>
> > For the native stack, also apply the fix from Nate that changed a test -d
> > to a test -f for /proc/modules in _startklips.
> I did that for the Debian package, along with the CRL crash fix.
>
> Since all issues now seem to be fixed, would it be possible to enable
> NAT-T by default in the upstream config file? I could of course patch
> the config file for the Debian package, but I would rather like to have
> as few Debian-specific patches as possible.

The issue with USE_NAT_TRAVERSAL_TRANSPORT_MODE is not whether or not it was causing problems in the implementation, but that as a feature, it is a security risk.

Openswan tends to package with all dangerous options disabled, leaving them open for the (hopefully somewhat clueful) user to enable. One such example is 1DES. NAT-traversal in transport mode also has security implications. That is why it is disabled.

I will leave it up to Michael whether or not to change the current behaviour.

Paul