diff --git a/file.c b/file.c index f61c221..a6362c0 100644 --- a/file.c +++ b/file.c @@ -42,6 +42,8 @@ int init_config () gconfig.port = UDP_LISTEN_PORT; gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ + gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */ + gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */ gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ gconfig.debug_avp = 0; gconfig.debug_network = 0; diff --git a/network.c b/network.c index 543d30e..c66d1e3 100644 --- a/network.c +++ b/network.c @@ -78,23 +78,27 @@ int init_network (void) * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO * values. */ - arg=1; - if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, - &arg, sizeof(arg)) != 0) { - l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); - - gconfig.ipsecsaref=0; - } - - arg=1; - if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { - l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); + if (!gconfig.ipsecsaref) + { + l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); } -#else + else { - l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) { + l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); + gconfig.ipsecsaref=0; + } + else + { + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { + l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); + } + } } - +#else + l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); #endif #ifdef USE_KERNEL