Hi,

There are many IPsec-related standards, and I was hoping to use the
combined experience of the list to tell me whether these new Apple
devices in fact have a bug, or whether this is in an RFC or draft somewhere.

When using L2TP/IPsec mode with IKEv1, the latest iPhones/OS X machines,
when on a public IP, and when no NAT is detected, send UDP_ENCAP packets
where the inner IP is the same as the outer IP.

On the server, this is a problem. We now need to build tunnels to a
random publicly addressable IP. Since that is dangerous and could be
hijacking a real IP address, Openswan by default limits this to RFC1918
space (and 25/8, since too many North American telcos use this and the
UK MoD seems to not care). As a result, to make this work, we need to
allow basically any public IP to be tunnelled.

Is this indeed a bug in these devices? If so, is there anyone from Apple
here that I can talk to and resolve this? Or if this is a
feature/draft/RFC, could someone point me to it?

Thanks,
Paul
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec
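Added example, not part of the original message and not Openswan code: a sketch of the server-side decision the message describes, checking a peer's proposed inner address against an allow-list of RFC1918 space plus 25/8, and showing what changes once any public IP is allowed. The function name, the `allow_self_public` option and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Default allow-list as described in the message: RFC1918 space plus 25/8.
DEFAULT_ALLOWED = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "25.0.0.0/8")]


def check_inner_address(outer, inner, nat_detected,
                        allowed=DEFAULT_ALLOWED, allow_self_public=False):
    """Classify a peer's proposed inner (tunnelled) address.

    outer        -- source IP of the UDP-encapsulated packets seen by the server
    inner        -- IP the peer wants tunnelled to it
    nat_detected -- outcome of IKE NAT detection for this peer
    Returns "allow", "allow-self" or "reject".
    """
    outer_ip = ipaddress.ip_address(outer)
    inner_ip = ipaddress.ip_address(inner)

    # Inner address inside the configured allow-list: accept as before.
    if any(inner_ip in net for net in allowed):
        return "allow"

    # The case from the message: no NAT, inner IP identical to outer IP.
    # Hypothetical narrower policy: accept only the address the peer is
    # demonstrably sending from, instead of opening up all public space.
    if allow_self_public and not nat_detected and inner_ip == outer_ip:
        return "allow-self"

    # Anything else would mean tunnelling an arbitrary public address.
    return "reject"


if __name__ == "__main__":
    any_ipv4 = [ipaddress.ip_network("0.0.0.0/0")]
    # Constructed sample proposals: (outer, inner, nat_detected)
    samples = [
        ("203.0.113.7", "192.168.1.10", True),   # NATed client, RFC1918 inner
        ("203.0.113.7", "203.0.113.7", False),   # inner == outer, no NAT
        ("203.0.113.7", "198.51.100.9", False),  # claims a different public IP
    ]
    for outer, inner, nat in samples:
        print(outer, inner, nat,
              "default:", check_inner_address(outer, inner, nat),
              "self-only:", check_inner_address(outer, inner, nat, allow_self_public=True),
              "any-public:", check_inner_address(outer, inner, nat, allowed=any_ipv4))
```

With the allow-list widened to all of IPv4, the third sample (a peer claiming a public address it is not sending from) is accepted, which is the hijacking risk the message refers to.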