[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OIC] isakmpd NAT-Traversal - testers wanted



Were the patent issues resolved?


Hakan Olsson wrote:

> Support for NAT-Traversal in isakmpd was added just recently (yesterday or
> so). The support is for ESP-tunnels only, not AH or transport mode.
> 
> So far, it has only been tested between various OpenBSD/isakmpd boxes, and
> I would appreciate if people could try to test this against other vendors
> and mail me the results.
> 
> To test, first update isakmpd to -current, anoncvs should have the sources
> by now.
> 
> There is no special isakmpd configuration required to activate NAT-T, it's
> all automatic.  However, you need to run "sysctl net.inet.esp.udpencap=1"
> on both sides, as well as permitting UDP port 4500 in addition to the
> normal 500.
> 
> If it does not work, mail me a description of the problem, the last 2-300
> lines from 'isakmpd -d -DA=90 -L', and the output from 'tcpdump -nvr
> /var/run/isakmpd.pcap'. (You'll probably want to update tcpdump as well.)
> 
> Thanks,
>   Håkan
> 
> _______________________________________________
> OpenBSD-IPsec-Clients mailing list
> OpenBSD-IPsec-Clients@allard.nu
> http://www.allard.nu/mailman/listinfo/openbsd-ipsec-clients