[Openswan Users] NAT-T in native stack??

mcr at xelerance.com mcr at xelerance.com
Tue May 18 20:15:22 CEST 2004




>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> has security implications. That is why it is disabled. 

    Paul> I will leave it up to Michael whether or not to change the
    Paul> current behaviour. 

  I'd like to hear from Rene:

  1) why this is necessary?		(L2TP with win2k is an answer,
					 but not a very good one)

  2) why Debian can't enable it as they see fit? (and therefore take
     responsibility for the issue!)

  3) if two kernel packages might be more appropriate.

  We have no test cases for transport-mode NAT-T. So, before it was
turned on, we'd need test cases for it to be written.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

