[Ipsec-tools-devel] listen statement enhancement

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Dear ipsec-tools developers,

I would like to introduce a patch which allows specifying a interface name
in the listen statement of the racoon configuration file. The advantage is
that a modification of the file is not necessary, when the ip address of the
VPN gateway is changed.

The patch is based on a CVS trunk snapshot from last sunday evening:
an...@an...:/cvsroot at 2011-11-06 22:00h MEZ plus my 5
previous patches
p1-2011-11-06_rename_pfkey_to_racoon_pfkey.patch.tar.bz2
p2-p1_memory_leak_fixes_parser.patch.tar.bz2,
p3-p2_individual_remote_natt_ports.patch.tar.bz2,
p4-p3_bugfixes_and_cleanup.patch.tar.bz2 and
p5-p4_destinations.patch.tar.bz2

Syntax examples look as follows:

listen {
	isakmp interface "eth1" ipv4 [590];
	isakmp_natt interface "eth1" ipv4 [4590];

	isakmp interface "eth1" ipv6 [590];
	isakmp_natt interface "eth1" ipv6 [4590];
}

This is my last patch for a while. Hope they are all somehow appealing so
that they will find the way into the next official release.

Regards
	Wolfgang

P.S: I am thinking about an enhancement for the listen statement so that the
ip port can be given as follows:

listen {
	isakmp interface "eth1" ipv4 [all_remote];
	isakmp_natt interface "eth1" ipv4 [all_remote];

	isakmp 192.168.80.2 [all_remote]; # use ports of all remote
definitions 
	isakmp_natt 192.168.80.2 [all_remote]; # use natt ports of all
remote definitions
}

Then racoon would look into all remote definitions of the racoon.conf file
(including it's destination statements of my patch
p5-p4_destinations.patch.tar.bz2) and would take it's ports respectively
natt ports to use them for listening.