| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 Dec 2006 14:32:17 -0600
From: Venkat Yekkirala <vyekkirala@...stedcs.com>
To: netdev@...r.kernel.org
CC: dgoeddel@...stedcs.com, chanson@...stedcs.com, bphan@...stedcs.com
Subject: Multiple end-points behind same NAT
Hi,
I am wondering if 26sec supports NAT-Traversal for multiple
endpoints behind the same NAT. In looking at xfrm_tmpl it's
not obvious to me that it's supported, at least going by the
following from the setkey man page:
When NAT-T is enabled in the kernel, policy matching for ESP over
UDP packets may be done on endpoint addresses and port (this
depends on the system. System that do not perform the port check
cannot support multiple endpoints behind the same NAT). When
using ESP over UDP, you can specify port numbers in the endpoint
addresses to get the correct matching. Here is an example:
spdadd 10.0.11.0/24[any] 10.0.11.33/32[any] any -P out ipsec
esp/tunnel/192.168.0.1[4500]-192.168.1.2[30000]/require ;
Or is this to be accomplished in a different way?
Thanks,
venkat
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists