From: Dan M. <da...@su...> - 2008-10-26 23:14:27
|
On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote: <SNIP!> > is it old news that racoon and a kernel with NAT-T [1] will result in a > failure to do IPSEC because the pfkey update about NAT-T fails in phase 2 > and racoon decides to fail the entire connection? Depends on what version of racoon? There were relatively recent fixes in the NAT-T with Transport Mode code that allowed QM to move forward again. (It caused all sort of interoperability problems with the Solaris IKE.) Can't speak about the IPv6 + stack overflow, however. Dan |