From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Date: Thu, 23 Mar 2006 17:39:51 +0100
Subject: Re: FreeBSD as a VPN Client Gateway ...

On Thu, Mar 23, 2006 at 05:09:05PM +0100, Eric Masson wrote:
> Matthew Grooms writes:
[....]
> > http://ipsec-tools.sf.net/freebsd6-natt.diff
>
> I tried to compile ipsec-tools with 6.1-PRERELEASE natt patched kernel &
> headers and so far, didn't succeed.

It should work (I'm compiling it with a modified 6.1-PRERELEASE, but did
not try for now with just 6.1-PRERELEASE+NAT-T patch).
Could you send me the logs?

> natt detection fails, gcc complains it's not able to evaluate the size
> of a structure in a header, and then configure disables functionality.

nat-t support detection is quite bad actually (and not only with
FreeBSD), as it just detects NAT-T support in kernel includes, not in
the compiled kernel.

Have a look at your /usr/include/net/pfkeyv2.h, and see if you have
some NAT-T related stuff.

> Does anybody know if Yvan's patches will be integrated in the tree
> anytime? The "patent issue" doesn't seem to bother Net, Open & Linux

I didn't have news about patent issues recently.

There is still some work to do on the patch, especially:

- sync with Manu's recent work on NetBSD (support for multiple peers
  behind the same address). It should not take too long to do that,
  and I'll work on it within the next weeks.

- port to FAST_IPSEC. Once again, it should not take too much time to
  do that. I was waiting for George's work on the PFKey interface, but
  it looks like it won't really be a problem to merge both works, so
  I'll probably do it "soon".

But the actual version of the patch is already good enough for
integration if FreeBSD's team wants it, there are just some
(temporary) limitations which need to be known.

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com