Date: Thu, 16 Feb 2017 10:31:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 217131] [patch] security/ipsec-tools add patch for better NAT-T support Message-ID: <bug-217131-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217131 Bug ID: 217131 Summary: [patch] security/ipsec-tools add patch for better NAT-T support Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: vanhu@FreeBSD.org Reporter: ae@FreeBSD.org Keywords: patch Assignee: vanhu@FreeBSD.org Flags: maintainer-feedback?(vanhu@FreeBSD.org) Created attachment 180038 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D180038&action= =3Dedit patch This patch adds NATT_EXTRA_PATCHES=3Dnatt.diff and enables only UDP encapsu= lation defined in RFC3948. The natt.diff patch contains the following changes: * added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages; * used NAT address instead of original for SAs created by racoon; * NAT-T keep-alives now sends only by NATed host. Several people reported that now they are able to use NAT-T in transport mo= de with IPsec from projects/ipsec. However I did not tested how it affects IPs= ec implementation from stable/9,10,11. From quick look it should not affect something that worked earlier. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-217131-13>