From owner-freebsd-net Tue Apr 9 3:59:32 2002 Delivered-To: freebsd-net@freebsd.org Received: from hotmail.com (law2-oe70.hotmail.com [216.32.180.163]) by hub.freebsd.org (Postfix) with ESMTP id 507C437B404 for ; Tue, 9 Apr 2002 03:59:29 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 9 Apr 2002 03:59:29 -0700 X-Originating-IP: [213.82.66.51] From: "Marco Berizzi" To: Subject: ipsec & udp-encaps Date: Tue, 9 Apr 2002 12:58:50 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 09 Apr 2002 10:59:29.0314 (UTC) FILETIME=[9F062820:01C1DFB5] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello. Since I keep running into problems with NAT traversal when implementing IPSEC solutions, I've been looking at solutions offered by quite a few of the commerical setups. Seems that a pretty widely used solution is to send ESP encapsulated in udp packets. Specifics for this kind of configuration can be found as Internet drafts: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-udp-encaps-01.txt http://www.ietf.org/internet-drafts/draft-ietf-ipsec-udp-encaps-justific ation-00.txt http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-01.txt Is there any interest or plan for inclusion of this kind of implementation into FreeBSD IPSec stack? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message