[Openswan Users] NAT-T in native stack??
Ken Bantoft
ken at xelerance.com
Wed May 19 05:04:27 CEST 2004
On Tue, 18 May 2004, Paul Wouters wrote:
> On Tue, 18 May 2004, Rene Mayrhofer wrote:
>
> > > USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
> > >
>
> The issue with USE_NAT_TRAVERSAL_TRANSPORT_MODE is not whether or not it
> was causing problems in the implementation, but that as a feature, it is
> a security risk. Openswan tends to package with all dangerous options
> disabled, leaving them open for the (hopefully somewhat clueful) user
> to enable. One such example is 1DES. NAT-traversal in transport mode also
> has security implications. That is why it is disabled.
NAT-T and NAT-T Transport mode are both enabled in 1.x and 2.x trees.
Without NAT-T Transport mode, we cannot interop with Win2k stack, which is
what over 50% of users are interested in doing.
Sadly, we are forced to make some sacrifices in the never-ending game of
compatibility.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson