[Openswan Users] winxp behind on server behind nat patch
Bernd Galonska
B.Galonska at fhr.de
Thu Mar 3 08:23:44 CET 2005
I have a new version of the patch for openswan 2.3.1dr3.
Can someone help me to place a key in the connection definition in the
ipsec.conf file
so that I can turn on or off the sending of the NAT-OA payload in the
response to Quick Mode?
The parameter can look like
respons_nat_oa = no
Schnipp-------------------------------------------------------------------------------------
--- openswan-2.3.1dr3/programs/pluto/ipsec_doi.c 2005-02-11
15:18:08.000000000 +0000
+++ openswan-2.3.1dr3/programs/pluto/ipsec_doi.c 2005-03-01
15:07:46.219586776 +0000
@@ -5958,6 +5958,17 @@
struct connection *p = find_client_connection(c
, our_net, his_net, b->my.proto, b->my.port, b->his.proto,
b->his.port);
+#ifdef NAT_TRAVERSAL
+ #ifdef I_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT
+ if( (p1st->hidden_variables.st_nat_traversal & NAT_T_DETECTED)
+ && !(p1st->st_policy & POLICY_TUNNEL)
+ && (p1st->hidden_variables.st_nat_traversal &
LELEM(NAT_TRAVERSAL_NAT_BHND_ME))
+ && (p == NULL) )
+ {
+ p = c;
+ }
+ #endif
+#endif
if (p == NULL)
{
/* This message occurs in very puzzling circumstances
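Review bot: the new `p = c;` fallback inside the `#ifdef NAT_TRAVERSAL` block takes the phase 1 connection whenever find_client_connection() returns NULL, so the our_net/his_net, protocol and port values that the lookup just failed to match are never checked against `c`. Before assigning, verify that the proposed selectors are consistent with what `c` permits, and log when the fallback is taken so the case is visible in the pluto log. The inner `#ifdef`/`#endif` lines also start with a space before `#`, unlike the outer directives, and the block needs a comment explaining why NAT_BHND_ME plus a non-tunnel policy justifies skipping the lookup result.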
@@ -6329,14 +6340,14 @@
}
#ifdef NAT_TRAVERSAL
- if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATOA) &&
+ /*if ((st->hidden_variables.st_nat_traversal & NAT_T_WITH_NATOA) &&
(st->hidden_variables.st_nat_traversal & LELEM(NAT_TRAVERSAL_NAT_BHND_ME))
&&
(st->st_esp.attrs.encapsulation == ENCAPSULATION_MODE_TRANSPORT)) {
- /** Send NAT-OA if our address is NATed and if we use Transport Mode */
+ // ** Send NAT-OA if our address is NATed and if we use Transport Mode
if (!nat_traversal_add_natoa(ISAKMP_NEXT_NONE, &md->rbody, md->st)) {
return STF_INTERNAL_ERROR;
}
- }
+ }*/
if ((st->hidden_variables.st_nat_traversal & NAT_T_DETECTED) &&
(st->st_esp.attrs.encapsulation == ENCAPSULATION_MODE_TRANSPORT) &&
(c->spd.that.has_client)) {
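Review bot: the NAT-OA block under `#ifdef NAT_TRAVERSAL` is disabled by wrapping it in `/* ... */`, which turns the payload off for every connection at compile time and leaves dead code behind; the inner comment had to be changed to `//` only to avoid nesting. Keep the original condition and add one more term that tests a per-connection setting (the `respons_nat_oa` option proposed in the mail), defaulting to the current behaviour of sending NAT-OA, so peers that expect the payload in transport mode are unaffected.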
Schnap----------------------------------------------------------------------------------------------