[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: About IPSec ALG
From:       madbug <gdmadbug () gmail ! com>
Date:       2008-05-30 3:16:07
Message-ID: 5e81daf20805292016gc8b6a8fub1dc6df53bf64cd3 () mail ! gmail ! com
[Download RAW message or body]

Maybe u alos need this: esp porto conntrack.

Another file is ipt_esp.c, which could find it anywhere, I don't know
if u need it in ur kernel version.




On 5/29/08, Sarge Gorden <metalblade@gmail.com> wrote:
> If the VPN server or client doesn't support NAT-T.
> Then multiple hosts behind a single NAT address couldn't
> simultaneously establish and maintain tunnels to the multiple exterior
> hosts.
> Only one host could establish...
>
> But if both side support NAT-T, it works.
>
>
> On Thu, May 29, 2008 at 5:49 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> >
> > On Thursday 2008-05-29 11:31, Sarge Gorden wrote:
> >
> >>Hi all,
> >>
> >>Now I was using a Linux box as a gateway (Ver: 2.6.18). But without
> >>NAT-T there gona some problems when connecting a L2TP-over-IPSec VPN
> >>server.
> >
> > What problem?
> >
> >>I wonder if there's a "IPSec ALG" could port into the kernel. (Just
> >>like ip_conntack_ipsec/ip_nat_ipsec)
> >>Is there is a patch availiable now?
> >
> > AH and ESP is handled by nf_conntrack_proto_generic (always built-in).
> >
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

["ip_conntrack_proto_esp.c" (application/octet-stream)]
["ip_conntrack_esp.h" (application/octet-stream)]
["ip_nat_esp.h" (application/octet-stream)]
["ip_nat_proto_esp.c" (application/octet-stream)]
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[prev in list] [next in list] [prev in thread] [next in thread]