Date: Tue, 02 Aug 2005 12:34:54 -0500
From: Matthew Grooms <mgrooms@seton.org>
To: vanhu_bsd@zeninc.net
Cc: freebsd-net@freebsd.org
Subject: RE: NAT-T support for IPSec stack
Message-ID: <42EFAEBE.8060905@seton.org>

Woohoo!!! Thanks!!! I was just poking around for this last week and wondering when someone was going to bring this support to FreeBSD.

>For some months now, ipsec-tools is now the "official" version of
>racoon, the KAME's isakmp daemon.

I hope it shows up in ports soon. The racoon port maintainer mentioned that the most recent import would be the last and the KAME racoon developer has stated he won't be maintaining the code anymore. A lot of fixes have shown up in ipsec-tools after the fork from the KAME project as well as hybrid user authentication support via pam.

OpenBSD's isakmpd supports NAT-T as well. FreeBSD seems to be the straggler here. If memory serves me right, KAME IPSEC is still not SMP safe at the moment. It seems like FAST_IPSEC had a caveat as well, like it doesn't work with IPV6 or something like that. Could it be that there is no developer that 'owns' these subsystems? Perhaps rrwatson has this on his list of things to attack with his ninja net hacking skills.

>Are you interested in it?

Yes ( as a user ) but I am not a FreeBSD developer. I think there was initially resistance from open source groups to integrate this support due to patent issues ( maybe just WRT usage w/ IKEv1 ) but must have been resolved as both OpenBSD and Linux support this functionality now.

It would be very cool to get NAT-T + ipsec tools support as it opens the door for FreeBSD to compete with the big boys in the client based VPN market at some point down the road and offers an IPSEC alternative to OpenVPN.

>Of course, it would also be interesting to have an ipsec-tools port,
>I'll contact the ports list for such an integration.

Fantastic! The website states that it compiles cleanly and works well on FreeBSD so it should be a piece of cake. I am in the process of moving but once settled and upgraded to 6 I will definitely test out your patches and would be willing to test out any ipsec-tools port as well.

Thanks again for your work on this.

-Matthew