From owner-freebsd-stable@FreeBSD.ORG Sun Apr 15 13:40:30 2012 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 195DD106566B for ; Sun, 15 Apr 2012 13:40:30 +0000 (UTC) (envelope-from zmiterby@gmail.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 97FAE8FC1C for ; Sun, 15 Apr 2012 13:40:29 +0000 (UTC) Received: by wibhq7 with SMTP id hq7so3652306wib.13 for ; Sun, 15 Apr 2012 06:40:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=aod853UREh5jsgGjR1/hpuBUCHTiDJL7CGphau5TSuY=; b=sOmAghAAHz5uyU+HXqJANYYH+pSK7o/VSX+2XJ0odz7Y6RQkhASZ09QkugZx9y7bpu gTCO7HBUKUjdV/HxmolMedHDChkTgmRWmyMU9PmCYvjqiddEhsKY4pRarraYdAO3/XuX 1DqvVxxB8zkpGjnDU3UKOEoipAfF2245AaE3VWrNsvmcpPCI05+eoXVU00qaThwSNkfd wymkQo6oK3fwmALlUl1QiJbPWFdt4mXX2khwC210TakxEqXLzy+L4n/XDNlEIwsGzYAL gOKkbZ4xvG9PPrDFPi5iXTRLZtQsFT8MJ29wAMu1fF1K0Zc5oy0iLr+484cEMMMr1iiQ L1UA== Received: by 10.180.77.4 with SMTP id o4mr10843934wiw.17.1334497228544; Sun, 15 Apr 2012 06:40:28 -0700 (PDT) Received: from [127.0.0.1] ([178.121.136.168]) by mx.google.com with ESMTPS id 6sm12224453wiz.1.2012.04.15.06.40.26 (version=SSLv3 cipher=OTHER); Sun, 15 Apr 2012 06:40:27 -0700 (PDT) Message-ID: <4F8ACFB3.5040807@gmail.com> Date: Sun, 15 Apr 2012 16:40:03 +0300 From: Zmiter User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <4F87AB6F.4050504@gmail.com> <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net> In-Reply-To: <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: stable@freebsd.org Subject: Re: Support for IPSec NAT-T in transoprt mode X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Apr 2012 13:40:30 -0000 14.04.2012 19:59, Bjoern A. Zeeb написал: > On 13. Apr 2012, at 04:28 , Zmiter wrote: > >> Hello. >> Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still in broken state? > It's not broken; it was never implemented. No FreeBSD tree shipped does > support transport mode at this time. There are patches but you also need > to fix ipsec-tools or your ike daemon. If you do the latter I can commit > the former. > > /bz > Where could I get that patches? I'd like to test them and to see what could I do with them. And, if it's really so difficult to implement transport mode in kernel some way, describe it (I think, all the work for third parties will be implemented through pfkey interface), and wait some time (or may be help a little) until it'll be implemented in ipsec-tools. It's not the egg and chicken problem, may be the kernel must be the first. Or may be I'm not in theme so deep? Is it really some sort or big and principal incompatibilities with ipsec-tools? Thank a lot 15.04.2012 Zmiter