List:       ipfilter
Subject:    RE: IPSEC -->NAT revisited
From:       "Olmsted, Brian" <brian.olmsted () bellnexxia ! com>
Date:       2001-01-26 17:40:08


Perhaps it could be rewritten to allow multiple ESP connections out like the
Linux patch that I mentioned earlier.  Although I really don't need it for
my own needs; some people have posted with this need and besides we can show
that we can be just like the Linux dudes or better and have it portable.

I have mine working with the Nortel Contivity Extranet client (2.6.2 47)
through my BSD box and I had to add the 'rdr' on the UDP traffic only (not
the ESP connection).  I will have to play with this as my friend at work was
able to do it without the 'rdr' (just the map nat entry) I think but I don't
know if he ever had sessions up longer than 45-50 minutes since I think the
Contivity does a rekey on the ISAKMP port (UDP 500) incoming at an interval
like that.


Perhaps we can get some insight from the patch to the Linux kernel for this...
I have my kernel source from Linux with it patched if that will help.


Maybe Darren has some documentation on how to write the proxy features...?


: -----Original Message-----
: From: Mike Porter [mailto:mupi@mknet.org]
: Sent: 26 January 2001 11:38 AM
: To: Dave Larson; Olmsted, Brian; ipfilter@coombs.anu.edu.au
: Subject: Re: IPSEC -->NAT revisited
: 
: 
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
: 
: On Friday 26 January 2001 05:59, Dave Larson wrote:
: 
: > Someone could probably build a proxy module to allow multiple clients to use
: > it behind NAT by building on what I've already done to get a single client
: > to work. My changes and notes are at
: > http://www.cs.ndsu.nodak.edu/~davlarso/ipf/.
: >
: 
: OK, I'm willing to tackle this, though I won't be offended in the least if
: someone else starts later and gets there first; I don't have as much time as I
: would like to devote to this sort of thing (something about a "real job" so I
: can pay the bills....).
: 
: Does anyone know where (or if) there is a written API for writing proxies? Or
: am I on my own to look through the existing ones and try to figure out how
: it's done?
: 
: mike
: -----BEGIN PGP SIGNATURE-----
: Version: GnuPG v1.0.3 (FreeBSD)
: Comment: For info see http://www.gnupg.org
: 
: iEYEARECAAYFAjpxp/0ACgkQZ7GovTQbIm5yOgCfe20Iki2LutxurwudEQpCy9lM
: 4G8Anjhik+H4q0UjpupbvytPDxQBeSHQ
: =l8pe
: -----END PGP SIGNATURE-----
: 
