On Tue, 18 May 2004, Paul Wouters wrote:

> On Tue, 18 May 2004, Rene Mayrhofer wrote:
> 
> > > USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
> > > 
>
> The issue with USE_NAT_TRAVERSAL_TRANSPORT_MODE is not whether or not it
> was causing problems in the implementation, but that as a feature, it is
> a security risk. Openswan tends to package with all dangerous options
> disabled, leaving them open for the (hopefully somewhat clueful) user
> to enable. One such example is 1DES. NAT-traversal in transport mode also
> has security implications. That is why it is disabled.

NAT-T and NAT-T Transport mode are both enabled in 1.x and 2.x trees.
Without NAT-T Transport mode, we cannot interop with Win2k stack, which is
what over 50% of users are interested in doing.

Sadly, we are forced to make some sacrifices in the never-ending game of
compatibility.


-- 
Ken Bantoft                     VP Business Development
[EMAIL PROTECTED]               Xelerance Corporation
sip://toronto.xelerance.com     http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson


