[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 854) Re: Racoon NAT-T Transport Mode

To: racoon@kame.net
Subject: (racoon 854) Re: Racoon NAT-T Transport Mode
From: Michal Ludvig <michal@logix.cz>
Date: Thu, 4 Nov 2004 22:00:34 +0100 (CET)
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon-outgo@kame.net
Delivered-to: racoon@orange.kame.net
Delivered-to: racoon@kame.net
In-reply-to: <1gmqxyk.7ic2c8rvvh3M%manu@netbsd.org>
References: <1gmqxyk.7ic2c8rvvh3M%manu@netbsd.org>
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net

On Thu, 4 Nov 2004, Emmanuel Dreyfus wrote:

> Michal Ludvig <michal@logix.cz> wrote:
> 
> > IPsec-tools racoon doesn't support NAT-OA payload that is required for
> > transport mode byt the standard. It is quite some time since I wrote the
> > NAT-T support so I'm not sure how much work would it be to add it...
> 
> Not that much, IMO. Implementing OA will also make possible to use
> multiple machines from behind a NAT.

I doubt it will help on Linux. It is missing OA handling at all (you 
can pass it to the kernel but the structure is never used).

BTW Having multiple clients behind a NAT doesn't work in Tunnel mode? 
But for Tunnel mode NAT-OA isn't transmitted anyway (as written in RFC).

Michal Ludvig
-- 
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal

Follow-Ups:
- (racoon 856) Re: Racoon NAT-T Transport Mode
  - From: manu@netbsd.org (Emmanuel Dreyfus)
- (racoon 855) Re: Racoon NAT-T Transport Mode
  - From: Derek Atkins <warlord@MIT.EDU>

References:
- (racoon 852) Re: Racoon NAT-T Transport Mode
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: (racoon 853) Re: Racoon NAT-T Transport Mode
Next by Date: (racoon 855) Re: Racoon NAT-T Transport Mode
Previous by thread: (racoon 853) Re: Racoon NAT-T Transport Mode
Next by thread: (racoon 855) Re: Racoon NAT-T Transport Mode
Index(es):
- Date
- Thread