On Thu, 2006-19-10 at 18:26 +0100, Michal Ruzicka wrote: > Hello > > In an effort to configure an L2TP/IPsec server on Linux capable of supporting > multiple clients behind a single NAT device I ran into difficulties with > pf_key > protocol implementation not being able to exploit all the information > passed to it as a SADB_EXT_ADDRESS_PROXY info. Perhaps as the original source > suggested (/* Nobody uses this, but we try. */) this info has never been used > before.
BTW, why not use xfrm instead? Then you dont have to worry about racoon. Unless you care about running this in some other OS (I suspect these OSes probably have made use of SADB_EXT_ADDRESS_PROXY so that may be a futile effort in any case). cheers, jamal PS:- Nothing stands out for me in your patch, so i have no comment; i wasnt sure if the concept of tcp/udp port meant much to the concept of a security association - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
