Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
<SNIP!>
> is it old news that racoon and a kernel with NAT-T [1] will result in a
> failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
> and racoon decides to fail the entire connection?

Depends on what version of racoon?  There were relatively recent fixes in the
NAT-T with Transport Mode code that allowed QM to move forward again.  (It
caused all sort of interoperability problems with the Solaris IKE.)

Can't speak about the IPv6 + stack overflow, however.

Dan