List: ipfilter
Subject: RE: IPSEC -->NAT revisited
From: "Olmsted, Brian" <brian.olmsted () bellnexxia ! com>
Date: 2001-01-26 17:40:08
Perhaps it could be rewritten to allow multiple ESP connections out like the
Linux patch that I mentioned earlier. Although I really don't need it for
my own needs, some people have posted with this need, and besides, we can show
that we can be just like the Linux dudes or better and have it portable.

I have mine working with the Nortel Contivity Extranet client (2.6.2 47)
through my BSD box and I had to add the 'rdr' on the UDP traffic only (not
the ESP connection). I will have to play with this, as my friend at work was
able to do it without the 'rdr' (just the map nat entry), I think, but I don't
know if he ever had sessions up longer than 45-50 minutes, since I think the
Contivity does a rekey on the ISAKMP port (UDP 500) incoming at an interval
like that.

Perhaps we can get some insight from the patch to the Linux kernel for this...
I have my kernel source from Linux with it patched if that will help.

Maybe Darren has some documentation on how to write the proxy features...?

: -----Original Message-----
: From: Mike Porter [mailto:mupi@mknet.org]
: Sent: 26 January 2001 11:38 AM
: To: Dave Larson; Olmsted, Brian; ipfilter@coombs.anu.edu.au
: Subject: Re: IPSEC -->NAT revisited
:
:
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
:
: On Friday 26 January 2001 05:59, Dave Larson wrote:
:
: > Someone could probably build a proxy module to allow multiple clients to use
: > it behind NAT by building on what I've already done to get a single client
: > to work. My changes and notes are at
: > http://www.cs.ndsu.nodak.edu/~davlarso/ipf/.
: >
:
: OK, I'm willing to tackle this, though I won't be offended in the least if
: someone else starts later and gets there first; I don't have as much time as I
: would like to devote to this sort of thing (something about a "real job" so I
: can pay the bills....).
:
: Does anyone know where (or if) there is a written API for writing proxies? Or
: am I on my own to look through the existing ones and try to figure out how
: it's done?
:
: mike
: -----BEGIN PGP SIGNATURE-----
: Version: GnuPG v1.0.3 (FreeBSD)
: Comment: For info see http://www.gnupg.org
:
: iEYEARECAAYFAjpxp/0ACgkQZ7GovTQbIm5yOgCfe20Iki2LutxurwudEQpCy9lM
: 4G8Anjhik+H4q0UjpupbvytPDxQBeSHQ
: =l8pe
: -----END PGP SIGNATURE-----
: