[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] VID for nat traversal



Openswan (and others FreeS/WAN forks) support following VIDs :

md5("draft-ietf-ipsec-nat-t-ike-00")
md5("draft-ietf-ipsec-nat-t-ike-01")
        no port floating
        NAT-D 130, NAT-OA 131, UDP-Tunnel 61443, UDP-Transport 61443

md5("draft-ietf-ipsec-nat-t-ike-02")
md5("draft-ietf-ipsec-nat-t-ike-02\n") [1]
md5("draft-ietf-ipsec-nat-t-ike-03")
        port floating (udp/4500)
        NAT-D 130, NAT-OA 131, UDP-Tunnel 61443, UDP-Transport 61443 

The code for following drafts (NAT-D 15, NAT-OA 16, UDP-Tunnel 3,
UDP-Transport 4) is in the code but not enabled by default because
we have no official VID to negociate it.

I use md5("Testing NAT-T RFC") to test it but it's not sent during
negociation.

[1]: http://www.sandelman.ottawa.on.ca/ipsec/2002/04/msg00233.html

-- 
Mathieu Lafon - Arkoon Network Security

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec