Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

author: Tobias Brunner <tobias@strongswan.org> 2009-07-29 11:34:47 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2009-07-30 14:06:26 +0200
commit: 789ba170246ab66e08211eb31903d667f559dbbc (patch)
tree: de938c5e4ba822ad6e857b72d6174083197793dd /src
parent: b2117eee2081f2d242917931687195087186e607 (diff)
download: strongswan-789ba170246ab66e08211eb31903d667f559dbbc.tar.bz2
strongswan-789ba170246ab66e08211eb31903d667f559dbbc.tar.xz
1 files changed, 15 insertions, 0 deletions
diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c
index 8627ca76d..2ad695e13 100644
--- a/src/charon/network/socket.c
+++ b/src/charon/network/socket.c
@@ -34,6 +34,9 @@
 #include <netinet/ip6.h>
 #include <netinet/udp.h>
 #include <net/if.h>
+#ifdef __APPLE__
+#include <sys/sysctl.h>
+#endif
 
 #include "socket.h"
 
@@ -611,6 +614,18 @@ socket_t *socket_create()
 	this->ipv6 = 0;
 	this->ipv4_natt = 0;
 	this->ipv6_natt = 0;
+
+#ifdef __APPLE__
+	{
+		int natt_port = IKEV2_NATT_PORT;
+		if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port,
+						 sizeof(natt_port)) != 0)
+		{
+			DBG1(DBG_NET, "could not set net.inet.ipsec.esp_port to %d: %s",
+				 natt_port, strerror(errno));
+		}
+	}
+#endif
 	
 	this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT);
 	if (this->ipv4 == 0)
author	Tobias Brunner <tobias@strongswan.org>	2009-07-29 11:34:47 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2009-07-30 14:06:26 +0200
commit	789ba170246ab66e08211eb31903d667f559dbbc (patch)
tree	de938c5e4ba822ad6e857b72d6174083197793dd /src
parent	b2117eee2081f2d242917931687195087186e607 (diff)
download	strongswan-789ba170246ab66e08211eb31903d667f559dbbc.tar.bz2 strongswan-789ba170246ab66e08211eb31903d667f559dbbc.tar.xz