Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

To: current-users%NetBSD.org@localhost, ipsec-tools-devel%lists.sourceforge.net@localhost
Subject: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
From: Dan McDonald <danmcd%sun.com@localhost>
Date: Sun, 26 Oct 2008 19:06:09 -0400

On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
<SNIP!>
> is it old news that racoon and a kernel with NAT-T [1] will result in a
> failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
> and racoon decides to fail the entire connection?

Depends on what version of racoon?  There were relatively recent fixes in the
NAT-T with Transport Mode code that allowed QM to move forward again.  (It
caused all sort of interoperability problems with the Solaris IKE.)

Can't speak about the IPv6 + stack overflow, however.

Dan

References:
- racoon+NAT-T and racoon+debug+IPv6 not so happy?
  - From: S.P.Zeidler

Prev by Date: triweekly CVS update output
Next by Date: Re: Strange system behavior
Previous by Thread: racoon+NAT-T and racoon+debug+IPv6 not so happy?
Next by Thread: Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
Indexes:

Home | Main Index | Thread Index | Old Index