From: Gabe
Date: Thu, 11 Dec 2008 05:31:44 -0800
To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Subject: RE: NAT-T + ipsec integration

Ok recompiling now. Hopefully it works fine. I'll report back.

Thanks.

-----Original Message-----
From: VANHULLEBUS Yvan
Sent: Thursday, December 11, 2008 4:39 AM
To: Gabe
Cc: freebsd-net@freebsd.org
Subject: Re: NAT-T + ipsec integration

On Thu, Dec 11, 2008 at 04:02:01AM -0800, Gabe wrote:
> Hello all

Hi.

> Does anyone know how to enable nat traversal on freebsd?
>
> I've got a site to site ipsec tunnel setup but clients behind the
> nat can't vpn through it. Any help would be appreciated.

Actually, you can apply a patch to src/sys and recompile your kernel
with IPSEC_NAT_T options.

Patches are available here:
http://people.freebsd.org/~vanhu/NAT-T/

You can also try to play with Perforce's branch, but it is still work
in progress to have a cleaned up version of PFKey interface (it may
work, but I just started to set up some testing hosts).

To answer the question some people may ask in this thread: the whole
patch should be included in TRUNK as soon as PFKey cleanup will be
done (which means "implemented + heavily tested + reviewed").

Yvan.