From: Wolfgang S. <wol...@di...> - 2011-11-08 19:37:51
Dear ipsec-tools developers,

I would like to introduce a patch which allows specifying an interface name in the listen statement of the racoon configuration file. The advantage is that a modification of the file is not necessary when the IP address of the VPN gateway is changed.

The patch is based on a CVS trunk snapshot from last Sunday evening:

    an...@an...:/cvsroot at 2011-11-06 22:00h MEZ

plus my 5 previous patches:

    p1-2011-11-06_rename_pfkey_to_racoon_pfkey.patch.tar.bz2
    p2-p1_memory_leak_fixes_parser.patch.tar.bz2
    p3-p2_individual_remote_natt_ports.patch.tar.bz2
    p4-p3_bugfixes_and_cleanup.patch.tar.bz2
    p5-p4_destinations.patch.tar.bz2

Syntax examples look as follows:

    listen {
        isakmp interface "eth1" ipv4 [590];
        isakmp_natt interface "eth1" ipv4 [4590];
        isakmp interface "eth1" ipv6 [590];
        isakmp_natt interface "eth1" ipv6 [4590];
    }

This is my last patch for a while. Hope they are all somehow appealing so that they will find the way into the next official release.

Regards
Wolfgang

P.S.: I am thinking about an enhancement for the listen statement so that the IP port can be given as follows:

    listen {
        isakmp interface "eth1" ipv4 [all_remote];
        isakmp_natt interface "eth1" ipv4 [all_remote];
        isakmp 192.168.80.2 [all_remote];       # use ports of all remote definitions
        isakmp_natt 192.168.80.2 [all_remote];  # use natt ports of all remote definitions
    }

Then racoon would look into all remote definitions of the racoon.conf file (including its destination statements of my patch p5-p4_destinations.patch.tar.bz2) and would take its ports respectively natt ports to use them for listening.