From owner-freebsd-net@FreeBSD.ORG Fri Jan 20 22:21:26 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D91E916A41F for ; Fri, 20 Jan 2006 22:21:26 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from corwin.easynet.fr (smarthost171.mail.easynet.fr [212.180.1.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74D9C43D45 for ; Fri, 20 Jan 2006 22:21:25 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from easyconnect2121135-233.clients.easynet.fr ([212.11.35.233] helo=smtp.zeninc.net) by corwin.easynet.fr with esmtp (Exim 4.50) id 1F04dI-0002d6-Dj for freebsd-net@freebsd.org; Fri, 20 Jan 2006 23:21:24 +0100 Received: by smtp.zeninc.net (smtpd, from userid 1000) id A6B543F17; Fri, 20 Jan 2006 23:21:19 +0100 (CET) Date: Fri, 20 Jan 2006 23:21:19 +0100 From: VANHULLEBUS Yvan To: freebsd-net@freebsd.org Message-ID: <20060120222119.GA2889@zen.inc> References: <20051228143817.GA6898@uk.tiscali.com> <001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca> <20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc> <43B38747.1060906@iteranet.com> <20051229122549.GA11055@uk.tiscali.com> <20060120215333.GA48603@uk.tiscali.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060120215333.GA48603@uk.tiscali.com> User-Agent: All mail clients suck. This one just sucks less. Subject: Re: IPSEC documentation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 22:21:27 -0000 On Fri, Jan 20, 2006 at 09:53:33PM +0000, Brian Candler wrote: > > On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote: > > > If we would also have NAT-T support, FreeBSD would be the best choice > > > of VPN concentrator. > > I just saw this patch posted on the ipsec-tools-devel list: > http://ipsec-tools.sf.net/freebsd6-natt.diff I already posted the URL of this patch here some months ago, it's integration is being discussed with various people (and I never took time to send a PR). There are still some things to do from this patch, including sync with NetBSD recent features, NAT-T support for FAST_IPSEC, and provide a cleaner to help racoon's configure guess if there is kernel NAT-T support. I won't have time to work on that before next month. > It's for FreeBSD 6 but also seems to apply cleanly to 5.4, apart from one > file which I think needs this instead: I first ported FreeBSD 4's patch to FreeBSD 5, then I ported it to FreeBSD 6, and fixed some various things. FreeBSD5 to FreeBSD6 was really more a cleanup and a rediff (lines numbers changed, etc...) than a "port". Except the indentation changes you reported (introduced between FreeBSD6-RELEASE and FreeBSD6-STABLE), it should work without problems on FreeBSD5, but I don't really want to maintain a separate FreeBSD5 patch, unless there is really some important needs for it ! Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com