[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP over UDP

To: ipsec@lists.tislabs.com
Subject: Re: ESP over UDP
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 10 Aug 1999 15:22:10 -0400
In-reply-to: Your message of "Tue, 10 Aug 1999 16:23:25 +0300." <3.0.5.32.19990810162325.00996dd0@smtp.datafellows.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Joern" == Joern Sierwald <joern.sierwald@datafellows.com> writes:
    Joern> At 09:05 10.8.1999 -0400, you wrote:
    >> You've got it backwards -- UDP runs over ESP, not the other way
    >> around.  Although you are correct in saying that ISAKMP runs over UDP.
    >> That is true.
    >> 
    >> The problem is that you are using IP Masquerade.  You will have
    >> trouble with IPSec across a NAT.  There are a couple of patches that
    >> exist for Linux to try to get IPSec working across the NAT:
    >> 
    >> ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
    >> 
    >> -derek
    >> 

    Joern> I need to run IPsec over every available IP masquerading
    Joern> implementation in the world, and therefore I have to send ESP
    Joern> packets as UDP payloads. Trust me, I know what I'm doing. (tm)

  You may know what you are doing, but you aren't doing IPsec.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

Re: ESP over UDP

From: Joern Sierwald <joern.sierwald@datafellows.com>

Prev by Date: Re: ESP over UDP
Next by Date: Re: ESP over UDP
Prev by thread: Re: ESP over UDP
Next by thread: Re: ESP over UDP
Index(es):
- Main
- Thread