Re: About IPSec ALG

Maybe you also need this: ESP proto conntrack.

Another file is ipt_esp.c, which you could find anywhere; I don't know
if you need it in your kernel version.




On 5/29/08, Sarge Gorden <metalblade@xxxxxxxxx> wrote:
> If the VPN server or client doesn't support NAT-T,
> then multiple hosts behind a single NAT address couldn't
> simultaneously establish and maintain tunnels to the multiple exterior
> hosts.
> Only one host could establish...
>
> But if both sides support NAT-T, it works.
>
>
> On Thu, May 29, 2008 at 5:49 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> >
> > On Thursday 2008-05-29 11:31, Sarge Gorden wrote:
> >
> >>Hi all,
> >>
> >>Now I was using a Linux box as a gateway (Ver: 2.6.18). But without
> >>NAT-T there are going to be some problems when connecting to an
> >>L2TP-over-IPSec VPN server.
> >
> > What problem?
> >
> >>I wonder if there's an "IPSec ALG" that could be ported into the kernel. (Just
> >>like ip_conntrack_ipsec/ip_nat_ipsec)
> >>Is there a patch available now?
> >
> > AH and ESP are handled by nf_conntrack_proto_generic (always built-in).
> >

Attachment: ip_conntrack_proto_esp.c
Description: Binary data

Attachment: ip_conntrack_esp.h
Description: Binary data

Attachment: ip_nat_esp.h
Description: Binary data

Attachment: ip_nat_proto_esp.c
Description: Binary data

