natt (again) in 7.2 stable and a forticlient
Ingo Flaschberger
if at xip.at
Fri Jul 24 14:10:44 UTC 2009
Hi,
attached a patch for ports-security-ipsec-tools Makefile
to disable to offer NATT-IKE-ENCAP.
Kind regardsm
Ingo Flaschberger
-------------- next part --------------
--- Makefile_org 2009-07-24 15:01:11.000000000 +0200
+++ Makefile 2009-07-24 16:07:32.000000000 +0200
@@ -41,6 +41,7 @@
DPD "enable Dead Peer Detection" on \
NATT "enable NAT-Traversal (kernel-patch required)" on \
NATTF "require NAT-Traversal (fail without kernel-patch)" off \
+ NATNONIKE "offer NAT-Traversal UDP encapsulation only" off \
FRAG "enable IKE fragmentation payload support" on \
HYBRID "enable Hybrid, Xauth and Mode-cfg support" on \
PAM "enable PAM authentication (Xauth server)" off \
@@ -99,6 +100,10 @@
CONFIGURE_ARGS+= --disable-natt
.endif
+.ifdef(NATNONIKE)
+CONFIGURE_ARGS+= --enable-natt-versions=2,3,4,5,6,5,7,8,RFC
+.endif
+
.ifdef(WITH_FRAG)
CONFIGURE_ARGS+= --enable-frag
.else
More information about the freebsd-net
mailing list