Re: NAT and IPsec

[Markus Stenberg <mstenber@ssh.com>]

Ari Huttunen <Ari.Huttunen@F-Secure.com> writes:
 > > Well, as a side note - it seems that Ethereal barfs equally nicely to IKE
 > > version approach (which it _should_ handle but apparently doesn't). That
 > > reminds me, I have to submit my Ethereal patches for this.. (-:
 > > 
 > > Firewall rules are not _my_ concern - if why are you letting IKE through if
 > > you do not desire IPsec?
 > > 
 > > (Excluding some obscure use of AH to make "verifiable but snoopable" Big
 > > Brother-friendly access somewhere.)
 > I've been thinking that someone should make a patch to Ethereal that
 > would enable it to look inside AH or ESP/NULL. That's somewhat hard, but
 > doable with some innovative guesswork. (Right?)

At least 0.8.12 does that already (and I think it has done it for few
versions) with AH. I think I have equivalent patch for ESP/null in my
version but I haven't submitted much recently (because submissions that do
not get 'in' are silently ignored and I despise that type of behavior).

 > Ari

-Markus

 > -- 
 > Ari Huttunen                   phone: +358 9 859 900
 > Senior Software Engineer       fax  : +358 9 8599 0452
 > 
 > F-Secure Corporation       http://www.F-Secure.com 
 > 
 > F-Secure products: Integrated Solutions for Enterprise Security

--
Markus Stenberg <stenberg@ssh.com> of SSH Communications Security (www.ssh.com)

---

References:

• NAT and IPsec
• From: Jari Arkko <Jari.Arkko@lmf.ericsson.se>
• Re: NAT and IPsec
• From: Markus Stenberg <markus.stenberg@ssh.com>
• Re: NAT and IPsec
• From: Jari Arkko <Jari.Arkko@lmf.ericsson.se>
• Re: NAT and IPsec
• From: Markus Stenberg <mstenber@ssh.com>
• Re: NAT and IPsec
• From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

---

• Prev by Date: Identity Type
• Next by Date: RE: Safety of pre-shared keys? (Re: Reliable delete notifies)
• Prev by thread: Re: NAT and IPsec
• Next by thread: Re: NAT and IPsec
• Index(es):
  • Main
  • Thread