On Mon, May 21, 2007 at 10:21:26AM +0100, Darren J Moffat wrote:

<SNIP!>

> Does allowing NAT-T with port other than UDP 4500 open up the
> possibility of using IPsec with NAT as a client in a network that only
> has say 80 and 443 open for external connections ?

Not unless those opens apply to *UDP* 80 and/or 443. Doing NAT-T over TCP is a whole new can of worms. :-P

> If so I think that is worth doing even if the current in.iked can't make
> use of this. Someone (say a GSoC 2007 student) might be able to make
> use of this in porting say Racoon2 ?

Like I said, the kernel changes aren't much for arbitrary UDP ports, and every local port you want only needs a corresponding socket bound to that port with UDP_NAT_T_ENDPOINT set for proper inbound demuxing.

Thanks,
Dan

_______________________________________________
networking-discuss mailing list
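The "inbound demuxing" Dan refers to is the split a NAT-T endpoint has to make between the three kinds of datagram that share one UDP port under RFC 3948: a one-byte NAT-keepalive (0xFF), IKE (four zero bytes as the "non-ESP marker" followed by an IKE header), and UDP-encapsulated ESP (a non-zero SPI in the first four bytes). The following is an added example, not code from this thread, in.iked or the Solaris kernel: `natt_classify()` performs that split on a received payload, and `natt_open_endpoint()` shows where a user-space daemon would bind a UDP socket and set `UDP_NAT_T_ENDPOINT` on a platform that defines it (the `#ifdef` is an assumption so the code also builds elsewhere). The sample buffers are constructed, with a made-up SPI.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <arpa/inet.h>

/* What a datagram on a NAT-T UDP port can be (RFC 3948 section 2). */
enum natt_kind { NATT_KEEPALIVE, NATT_IKE, NATT_ESP, NATT_INVALID };

#define IKE_HDR_LEN      28   /* fixed IKE/ISAKMP header size */
#define ESP_MIN_LEN       8   /* SPI (4) + sequence number (4) */

/* Classify one received UDP payload. Anything that is neither a keepalive,
 * an IKE message with a non-ESP marker, nor a plausible ESP packet is
 * reported as invalid so the caller can count and drop it. */
enum natt_kind natt_classify(const uint8_t *buf, size_t len)
{
    if (len == 1 && buf[0] == 0xff)
        return NATT_KEEPALIVE;
    if (len < 4)
        return NATT_INVALID;

    uint32_t first;
    memcpy(&first, buf, sizeof first);   /* avoid unaligned access */

    if (first == 0) {
        /* Non-ESP marker: an IKE message must follow, at least a full header. */
        return (len >= 4 + IKE_HDR_LEN) ? NATT_IKE : NATT_INVALID;
    }

    /* Non-zero first word is an ESP SPI; require SPI + sequence number. */
    return (len >= ESP_MIN_LEN) ? NATT_ESP : NATT_INVALID;
}

/* Bind a UDP socket to the given local port and, where the platform provides
 * it, mark it as a NAT-T endpoint so the kernel steers encapsulated ESP to
 * IPsec and hands only IKE/keepalives to this socket. Returns fd or -1. */
int natt_open_endpoint(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }

#ifdef UDP_NAT_T_ENDPOINT
    /* Solaris-specific option named in the thread; assumed to take an int. */
    int on = 1;
    if (setsockopt(fd, IPPROTO_UDP, UDP_NAT_T_ENDPOINT, &on, sizeof on) < 0) {
        close(fd);
        return -1;
    }
#endif
    return fd;
}

/* Constructed sample datagrams. */
const uint8_t sample_keepalive[] = { 0xff };

/* Non-ESP marker + 28-byte IKEv2 header (SPIs, next payload, version 2.0,
 * exchange type 34 = IKE_SA_INIT, flags, message id 0, length 28). */
const uint8_t sample_ike[] = {
    0x00, 0x00, 0x00, 0x00,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x21, 0x20, 0x22, 0x08,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x1c
};

/* Made-up SPI 0x00001000, sequence number 1, eight bytes of ciphertext. */
const uint8_t sample_esp[] = {
    0x00, 0x00, 0x10, 0x00,
    0x00, 0x00, 0x00, 0x01,
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04
};

/* Truncated: marker present but no IKE header behind it. */
const uint8_t sample_short_ike[] = { 0x00, 0x00, 0x00, 0x00, 0x21 };

int main(void)
{
    static const char *names[] = { "keepalive", "ike", "esp", "invalid" };
    printf("%s\n", names[natt_classify(sample_keepalive, sizeof sample_keepalive)]);
    printf("%s\n", names[natt_classify(sample_ike, sizeof sample_ike)]);
    printf("%s\n", names[natt_classify(sample_esp, sizeof sample_esp)]);
    printf("%s\n", names[natt_classify(sample_short_ike, sizeof sample_short_ike)]);
    return 0;
}
```

The classifier is the part that matters for a port other than 4500: the kernel (or a daemon doing its own demux) can only route traffic correctly if every socket bound to such a port is flagged, otherwise ESP-in-UDP on that port would be delivered to the IKE daemon as garbage or silently dropped.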
