[vpnc-devel] In-kernel IPSEC support
John Morrissey
jwm at horde.net
Sat Feb 2 22:50:28 CET 2008
On Thu, Jan 24, 2008 at 01:42:28PM -0500, Jeremy Volkman wrote:
> I believe the patch you're referring to posted at
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2004-September/000228.html.
> It's about 3.5 years old and won't apply cleanly anymore, but I hope
> to spend some time fixing that in the near future. In the meantime,
> have you tried one of the various NAT-T modes (e.g. force-natt or
> cisco-udp)?
cisco-udp didn't work since ike must (apparently) still be sourced from port
500 on the client (at least, it didn't work for me when I tried using 501
for the local port instead - the tunnel would be established, but wouldn't
pass any traffic).
Using local port 501 with force-natt works great, though. Thanks, Jeremy.
john
--
John Morrissey _o /\ ---- __o
jwm at horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
More information about the vpnc-devel
mailing list