openswan klips and nat-t patches for openmoko added

Harald Welte laforge at
Thu Feb 15 03:46:24 CET 2007

On Wed, Feb 14, 2007 at 05:44:46PM +0100, Paul Wouters wrote:
> Hi guys,
> Great job on the wiki!
> I built the kernel using all the patches from quilt. Worked

we're actually using now, but that probably won't affect

> like a charm. Then I tried to patch in openswan KLIPS and NAT-T support,
> which also worked like a charm. After appending the two patches to
> the linux- list and rerunning quilt push -a it
> patched fine.
> So hereby the request to add the following two patches to the kernel:

> The NAT-T patch modifies udp.c, and therefor requires a new kernel plus
> modules build.  I hope this patch can be included and enabled per default,
> so that people who want KLIPS don't need to recompile a stock openmoko
> kernel. If the openmoko people think this is too invasive, please put
> in the patch but leave CONFIG_IPSEC_NAT_TRAVERSAL unset to allow easier
> building for those who do want to enable the option.

as for NATT: will do that as soon as I get back to kernel work (just
finished with u-boot stuff, now heading towards gsm).  If it's not in
svn in one week, please complain.

> The KLIPS patch is a seperate module, and should not impact anyone who
> does not want the ipsec.ko module. It can be used without the NAT-T
> patch, but this does not make much sense, as phone connectivity is
> very likely to be NAT'ed (especially when using GPRS in Germany :)

Mh, as one of the 'nedev' (though currently inactive) developers, I have
my issues with klips. But then I haven't seen anything but the old 2.4.x

And I'd rather also not start any discussion on this mailinglist.  I'll
look at the patch and then decide.  

Just as a general notice: Obviously we can't include every [duplicated]
feature in the stock openmoko distribution..

- Harald Welte <laforge at>         
Software for the world's first truly open Free Software mobile phone

More information about the openmoko-devel mailing list