ikev2: add support for NAT traversal

Type: feature * initiator behind NAT supported * tested with static NAT mappings * works only with pre-configured tunnels The pre-configured tunnel has to be defined as follows: initiator (i) side: src=ip(i) dst=ip(r) responder (r) side: src=ip(r) dst=ip(nat) Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
author: Filip Tehlar <ftehlar@cisco.com> 2020-04-02 13:13:39 +0000
committer: Neale Ranns <nranns@cisco.com> 2020-05-15 11:41:14 +0000
commit: 4362baa33c00b93d07f6648c87c064c96900f4df (patch)
tree: f7ffb67f3b6a98348ae4f88ae8d06f8d0ecbeffd /src/plugins/ikev2/ikev2_priv.h
parent: 17b5c3d6ab83a597e7c79613041f2fd7470825bd (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index a344e716a89..7f4cb03c373 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -358,7 +358,7 @@ typedef struct
   u64 lifetime_maxdata;
   u32 lifetime_jitter;
   u32 handover;
-  u16 dst_port;
+  u16 ipsec_over_udp_port;
 
   u32 tun_itf;
   u8 udp_encap;
@@ -425,7 +425,7 @@ typedef struct
   u8 is_tun_itf_set;
   u32 tun_itf;
   u8 udp_encap;
-  u16 dst_port;
+  u16 ipsec_over_udp_port;
 
   f64 old_id_expiration;
   u32 current_remote_id_mask;
@@ -437,6 +437,12 @@ typedef struct
 
   u8 liveness_retries;
   f64 liveness_period_check;
+
+  u16 dst_port;
+  u32 sw_if_index;
+
+  /* is NAT traversal mode */
+  u8 natt;
 } ikev2_sa_t;
author	Filip Tehlar <ftehlar@cisco.com>	2020-04-02 13:13:39 +0000
committer	Neale Ranns <nranns@cisco.com>	2020-05-15 11:41:14 +0000
commit	4362baa33c00b93d07f6648c87c064c96900f4df (patch)
tree	f7ffb67f3b6a98348ae4f88ae8d06f8d0ecbeffd /src/plugins/ikev2/ikev2_priv.h
parent	17b5c3d6ab83a597e7c79613041f2fd7470825bd (diff)