Date: Fri, 24 Jul 2009 16:10:40 +0200 (CEST) From: Ingo Flaschberger <if@xip.at> To: freebsd-net@freebsd.org Subject: Re: natt (again) in 7.2 stable and a forticlient Message-ID: <alpine.LFD.1.10.0907241609180.1395@filebunker.xip.at> In-Reply-To: <20090724082915.GA93467@zeninc.net> References: <alpine.LFD.1.10.0907232208260.25323@filebunker.xip.at> <20090724082915.GA93467@zeninc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hi,
attached a patch for ports-security-ipsec-tools Makefile
to disable to offer NATT-IKE-ENCAP.
Kind regardsm
Ingo Flaschberger
[-- Attachment #2 --]
--- Makefile_org 2009-07-24 15:01:11.000000000 +0200
+++ Makefile 2009-07-24 16:07:32.000000000 +0200
@@ -41,6 +41,7 @@
DPD "enable Dead Peer Detection" on \
NATT "enable NAT-Traversal (kernel-patch required)" on \
NATTF "require NAT-Traversal (fail without kernel-patch)" off \
+ NATNONIKE "offer NAT-Traversal UDP encapsulation only" off \
FRAG "enable IKE fragmentation payload support" on \
HYBRID "enable Hybrid, Xauth and Mode-cfg support" on \
PAM "enable PAM authentication (Xauth server)" off \
@@ -99,6 +100,10 @@
CONFIGURE_ARGS+= --disable-natt
.endif
+.ifdef(NATNONIKE)
+CONFIGURE_ARGS+= --enable-natt-versions=2,3,4,5,6,5,7,8,RFC
+.endif
+
.ifdef(WITH_FRAG)
CONFIGURE_ARGS+= --enable-frag
.else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.LFD.1.10.0907241609180.1395>