On 1 September 2016 at 10:31, Vincent Gross wrote:
> Our IPSec stack rejects UDP-encapsulated traffic using a non
> encapsulating SA, but not the other way around. This diff adds
> the missing check and the corresponding stat counter.
>
> Ok ?
>
Go for it. OK mikeb
On Thu, Sep 01 2016 at 46:18, Vincent Gross wrote:
> On Thu, 1 Sep 2016 18:02:14 +0200
> Claer wrote:
>
> > Hello,
> >
> > In some production systems, I'm still using an old patch to isakmpd for
> > Nat-t. When negociating SAs with ASA peers and OpenBSD is nated, you
On Thu, 1 Sep 2016 18:02:14 +0200
Claer wrote:
> Hello,
>
> In some production systems, I'm still using an old patch to isakmpd
> for Nat-t.
> When negociating SAs with ASA peers and OpenBSD is nated, you have
> issues during negociation. The following discutions explain
Hello,
In some production systems, I'm still using an old patch to isakmpd
for Nat-t.
When negociating SAs with ASA peers and OpenBSD is nated, you have issues
during negociation. The following discutions explain the issue
Our IPSec stack rejects UDP-encapsulated traffic using a non
encapsulating SA, but not the other way around. This diff adds
the missing check and the corresponding stat counter.
Ok ?
Index: sys/netinet/ip_esp.h
===
RCS file: