From owner-freebsd-net@FreeBSD.ORG Tue Feb 23 14:35:07 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6C9E1065679; Tue, 23 Feb 2010 14:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 7A38F8FC12; Tue, 23 Feb 2010 14:35:07 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id DA6A541C795; Tue, 23 Feb 2010 15:35:05 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id T4Xw2ePbIRCt; Tue, 23 Feb 2010 15:35:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 807D341C759; Tue, 23 Feb 2010 15:35:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 48B694448EC; Tue, 23 Feb 2010 14:31:30 +0000 (UTC) Date: Tue, 23 Feb 2010 14:31:29 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: VANHULLEBUS Yvan In-Reply-To: <20100223142048.GA45899@zeninc.net> Message-ID: <20100223142839.K27327@maildrop.int.zabbadoz.net> References: <4B73E902.6050301@mail.ru> <20100211124756.GA9528@zeninc.net> <20100211125420.G27327@maildrop.int.zabbadoz.net> <4B83B79F.102@mail.ru> <20100223122127.GA45649@zeninc.net> <4B83CEE6.9040409@mail.ru> <20100223142048.GA45899@zeninc.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org, Denis Antrushin Subject: Re: IPSec connection troubles X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Feb 2010 14:35:08 -0000 On Tue, 23 Feb 2010, VANHULLEBUS Yvan wrote: Hi, > On Tue, Feb 23, 2010 at 03:49:42PM +0300, Denis Antrushin wrote: >> On 02/23/10 15:21, VANHULLEBUS Yvan wrote: > [....] >> Taking into account this quote: >> >> On 02/11/10 15:55, Bjoern A. Zeeb wrote: >>> Him saying it works on linux - has ipsec-tools grown proper OA support >>> these days? If that would be the case the kernel would probably a >>> minor task. >> >> this means that I have to come up with patches for both FreeBSD kernel >> and racoon at the same time. :-) >> May I contact you off-list with patches for both, when ready? >> As far as I understand, you are the one who can review both. > > Yes, but please keep Bjoern in CC of the mail, he'll probably also > review at lest the kernel part. Yeah, I should probably mention that if someone starts to generate patches, (s)he should make sure that the double-NAT scenario as described in the RFC will work as well from the beginning; else this will be kind of wasted efforts as someone would have to re-do the entire thing again. /bz -- Bjoern A. Zeeb It will not break if you know what you are doing.