[Openswan Users] Forcing udp-encaps when not on a NAT'd
connection?
Ken Bantoft
ken at xelerance.com
Fri Jun 11 15:54:55 CEST 2004
On Thu, 10 Jun 2004, Nate Carlson wrote:
> On Thu, 10 Jun 2004, Nate Carlson wrote:
> > > Perhaps it can't deal with forced NAT-T? This should be per conn.
> > > Check out how DPD is dealt with in the auto/_confread/_readconf and
> > > whack to turn this into a per-conn option. It would definately get
> > > accepted into mainline code.
> >
> > Sure, I'll give it a shot. Thanks for the starting point.
>
> Eesh. I took a look; it's a wee bit out of my league. This is a bit
> tougher than the global tweak. :)
>
> In any case, the global tweak may actually be a nice thing to have - IE,
> if you're on a network that blocks ESP, it'd be nice to have a tweak to
> flip to force NAT-T.
If it was per conn, you could just stick it into 'conn %default' for the
same results, and be able to disable it for a certain tunnel.
I'm on the road for 3 weeks, living in airports and hotels, so I'll
probably run into tht need for this and write the code :)
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
More information about the Users
mailing list