diff --git a/file.c b/file.c
index f61c221..a6362c0 100644
--- a/file.c
+++ b/file.c
@@ -42,6 +42,8 @@ int init_config ()
gconfig.port = UDP_LISTEN_PORT;
gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
+ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
+ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
gconfig.debug_avp = 0;
gconfig.debug_network = 0;
diff --git a/network.c b/network.c
index 543d30e..c66d1e3 100644
--- a/network.c
+++ b/network.c
@@ -78,23 +78,27 @@ int init_network (void)
* For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
* values.
*/
- arg=1;
- if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
- &arg, sizeof(arg)) != 0) {
- l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno));
-
- gconfig.ipsecsaref=0;
- }
-
- arg=1;
- if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
- l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno));
+ if (!gconfig.ipsecsaref)
+ {
+ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
}
-#else
+ else
{
- l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n");
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) {
+ l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno));
+ gconfig.ipsecsaref=0;
+ }
+ else
+ {
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
+ l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno));
+ }
+ }
}
-
+#else
+ l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n");
#endif
#ifdef USE_KERNEL