On 2013-09-06, Christoph Leser <[email protected]> wrote:
> Hello, list,
>
> from a remark by Stuart Henderson on an older thread
> http://marc.info/?l=openbsd-misc&m=134849788026722&w=2 back in September
> 2012, I understood that NAT-T support in openBSD was not complete at that time,
> especially the handling of the 'ENCAPSULATION_MODE' attribute in the phase 2
> 'TRANSFORM'. Sometimes this gets set to a value incompatible with other
> equipment (cisco).
>
> Can someone please point me to where I can find more information on this
> matter. Has anything changed in openBSD with regard to this, will openBSD
> follow RFC3947 with regard to the encapsulation modes (or is RFC3947 dead, it
> seems to be a standard proposal since 2005).
>
> Kind regards
>
> Christoph Leser
>
> S&P Computersysteme GmbH
> Zettachring 4
> 70567 Stuttgart Fasanenhof
>
> EMail: [email protected]

You misunderstand. OpenBSD uses the proper assigned encapsulation mode values from the newer internet-drafts and the published RFC:

http://tools.ietf.org/html/draft-ietf-ipsec-nat-t-ike-04#section-5.1
http://tools.ietf.org/html/rfc3947#section-5.1

It is Cisco who use the old encapsulation mode values from the early versions of the internet-draft (marked "XXX CHANGE" here):

http://tools.ietf.org/html/draft-ietf-ipsec-nat-t-ike-03#section-5.1
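
The difference discussed in this thread can be read directly from the phase 2 SA attributes. The following is an added example, not part of the original posts and not OpenBSD code: it decodes ISAKMP data attributes and reports which numbering a peer uses for Encapsulation Mode. The numeric values come from RFC 2407, RFC 3947 section 5.1 and the early draft linked above, not from the posts; the function names and sample bytes are constructed for illustration.

```python
import struct

ENCAPSULATION_MODE = 4  # IPsec DOI attribute class (RFC 2407)
ENCAP_MODES = {  # value -> (mode, where that number comes from)
    1: ("Tunnel", "RFC 2407"),
    2: ("Transport", "RFC 2407"),
    3: ("UDP-Encapsulated-Tunnel", "RFC 3947"),
    4: ("UDP-Encapsulated-Transport", "RFC 3947"),
    61443: ("UDP-Encapsulated-Tunnel", "early NAT-T draft"),
    61444: ("UDP-Encapsulated-Transport", "early NAT-T draft"),
}

def parse_attributes(data):
    """Yield (type, value) per ISAKMP data attribute: TV if AF bit set, else TLV."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", data, off)
        off += 4
        if head & 0x8000:              # AF=1: second field is the value
            yield head & 0x7FFF, field
        else:                          # AF=0: second field is a length
            if len(data) - off < field:
                raise ValueError("attribute runs past end of data")
            yield head, int.from_bytes(data[off:off + field], "big")
            off += field

def encapsulation_mode(sa_attributes):
    """Return (value, mode, numbering) for Encapsulation Mode, or None if absent."""
    for attr_type, value in parse_attributes(sa_attributes):
        if attr_type == ENCAPSULATION_MODE:
            return (value,) + ENCAP_MODES.get(value, ("unknown", "unassigned"))
    return None

def numbering_mismatch(local, peer):
    """True when both sides mean the same mode but encode it with different numbers."""
    a, b = encapsulation_mode(local), encapsulation_mode(peer)
    return bool(a and b and a[1] == b[1] != "unknown" and a[0] != b[0])

# Constructed attribute bytes: life type=seconds, life duration=3600, encap mode, auth=HMAC-SHA
COMMON = bytes.fromhex("80010001" "0002000400000e10")
RFC_PEER = COMMON + bytes.fromhex("80040003" "80050002")    # mode 3
DRAFT_PEER = COMMON + bytes.fromhex("8004f003" "80050002")  # mode 61443

if __name__ == "__main__":
    for label, attrs in (("RFC 3947 numbering", RFC_PEER), ("draft numbering", DRAFT_PEER)):
        print(label, encapsulation_mode(attrs))
    print("mismatch:", numbering_mismatch(RFC_PEER, DRAFT_PEER))
```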

