[strongSwan-dev] IPSec Tunnel mode with NAT-T

Martin Willi martin at strongswan.org
Wed Aug 25 09:24:31 CEST 2010


Hi Kaushal,

> Does that mean that I can run a "test program" and do a setsockopt on
> the UDP socket in the "test program" and I will be able to receive
> messages on the UE ?

To enable UDP decapsulation of ESP packets, this option must be set on a
single socket in any application, yes. It does not matter which
application sets it. But the flag does just that, decapsulation of
UDP-in-ESP packets, you still have to configure the SAs with UDP
encapsulation.

Regards
Martin






More information about the Dev mailing list