Jonny Martin wrote:
> So perhaps we reached a point where it should be considered bad form for one to design protocols that are not NAT friendly then?
Ugh. Like damn near every major VPN protocol. I notice though that IPSEC now has a UDP mode, which will work through any sensible NAT. Both ESP and AH needed to die. Now, if we could just give GRE (and especially its bastard stepchild, PPTP) the last rites, the world would be a better place.

Frankly, anyone developing a protocol that isn't layered on TCP (if it is OK with TCP's foibles) or UDP (pretty much every other case) is an idiot. Yes, that includes the morons that gave us ESP, AH and PPT-bloody-P.

Oh, while I'm ranting, will someone give me an encryption mode for PPP that actually works?

-- don