[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OIC] isakmpd NAT-Traversal - testers wanted

To: Hakan Olsson <ho@openbsd.org>
Subject: Re: [OIC] isakmpd NAT-Traversal - testers wanted
From: Sean <sean@obstacle9.com>
Date: Wed, 23 Jun 2004 10:32:27 -0700
Cc: tech@openbsd.org, openbsd-ipsec-client@allard.nu
References: <4E091765-C4D1-11D8-9617-000D93C2849E@openbsd.org>
User-Agent: Mozilla Thunderbird 0.7 (Windows/20040616)

Were the patent issues resolved?


Hakan Olsson wrote:

> Support for NAT-Traversal in isakmpd was added just recently (yesterday or
> so). The support is for ESP-tunnels only, not AH or transport mode.
> 
> So far, it has only been tested between various OpenBSD/isakmpd boxes, and
> I would appreciate if people could try to test this against other vendors
> and mail me the results.
> 
> To test, first update isakmpd to -current, anoncvs should have the sources
> by now.
> 
> There is no special isakmpd configuration required to activate NAT-T, it's
> all automatic.  However, you need to run "sysctl net.inet.esp.udpencap=1"
> on both sides, as well as permitting UDP port 4500 in addition to the
> normal 500.
> 
> If it does not work, mail me a description of the problem, the last 2-300
> lines from 'isakmpd -d -DA=90 -L', and the output from 'tcpdump -nvr
> /var/run/isakmpd.pcap'. (You'll probably want to update tcpdump as well.)
> 
> Thanks,
>   Håkan
> 
> _______________________________________________
> OpenBSD-IPsec-Clients mailing list
> OpenBSD-IPsec-Clients@allard.nu
> http://www.allard.nu/mailman/listinfo/openbsd-ipsec-clients

Prev by Date: Please confirm your message
Next by Date: Re: isakmpd does not support IPV4_ADDR_SUBNET as phase 1 id type
Prev by thread: Re: [OIC] isakmpd NAT-Traversal - testers wanted
Next by thread: Please confirm your message
Index(es):
- Date
- Thread