add a "natt" option that forces negotiation of nat-t (and udpencap).

this is like the -t command line option on iked itself, but you get
to keep the ike listener on port 500 and you can enable this on
specific policies instead of all of them.

this is useful if you're dealing with an org that can't firewall
ESP traffic well and so you need to force the traffic to be udp
encapsulated even if there's no NAT involved.

ok markus@ tobhe@

0 files changed, 0 insertions, 0 deletions