[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T

Jacco de Leeuw jacco2 at dds.nl
Fri Feb 17 13:53:54 CET 2006


Peter Van der Beken wrote:

> I think you'll still want to take the constants.c patch, so that logging 
> makes some sense. IMHO it's nicer to use the RFC-based NAT-T and not the 
> draft ones. But that's up for you guys to decide.

I agree with Peter on this. You would expect Openswan to prefer RFC 3947
over draft-ietf-ipsec-nat-t-ike.
(http://lists.openswan.org/pipermail/users/2006-February/008332.html)

I've just looked at 10.4.5's racoon source code. I was wondering whether
Apple have switched to ipsec-tools because KAME's racoon has been discontinued
but this is not the case. They continue to work on their own KAME racoon fork.
So there will be no support for features like DPD and IPCOMP, unless Apple
adds these themselves.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Dev mailing list