[Openswan dev] NAT-T in the face of changing IPs
Michael Richardson
mcr at sandelman.ca
Wed Jul 25 16:31:43 EDT 2007
Tero Kivinen wrote:
>> I.e. a different UDP port. Apparently, this is a problem for openswan.
>
> I guess you mean to say different IP-address, not port. The port is of
> course different as it is behind NAT.
Yes, that's what I meant.
>> Was this a case that I just didn't code for, or is this a gap in the
>> specification?
>
> NAT-T specs do say that it can come from different IP-address. It even
> specifies that the IP address can change on the fly.
Yes, I just didn't expect it to change until after the phase 1 was
complete. I.e that it would change later on.
I agree that this behaviour is acceptable. I think I'll have code tested
soon for this tonight.
More information about the Dev
mailing list