From owner-freebsd-net@FreeBSD.ORG Fri May 29 21:57:06 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9753B1065672 for ; Fri, 29 May 2009 21:57:06 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from mail-fx0-f159.google.com (mail-fx0-f159.google.com [209.85.220.159]) by mx1.freebsd.org (Postfix) with ESMTP id 2AD8E8FC16 for ; Fri, 29 May 2009 21:57:05 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: by fxm3 with SMTP id 3so1798223fxm.43 for ; Fri, 29 May 2009 14:57:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=FiWjALRtMDzyJRGrLoKNUy11x30d2e/HX2iDuse3hnw=; b=IJ3KHsgmGaj0dDYDniDz+rksO1iNCO1Y01TJump5zlEU8KP1ZetN62ngWxQcJS0K7v EdNWsFoATF+d6DQom19bPLr2MVKwQaOAQsUD7KX4TK9AmH9/9z+/EcUPxx431BVDHRpP V58a+lk5FS66P4x+x7kLLQzETfdGOSPJAT9wA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=hL6Yi2FUUZynEtrkTUS7EPqYH38zyPymmwSL6Y5kDHNNiRllLMxPi38csiRJS58n/c /YCA97sKVOg+Ixjrp6yVlNpKWC6cw+04YWJ+BppSWjLvUz5MLsVgx3bOA/9vaK62n9KU BKeG1wpciooAXCnZ6WJ/sDUQLGM1UjGRA7YkE= MIME-Version: 1.0 Received: by 10.204.100.10 with SMTP id w10mr2771625bkn.211.1243634225115; Fri, 29 May 2009 14:57:05 -0700 (PDT) In-Reply-To: <4A205679.5030406@zirakzigil.org> References: <4A205679.5030406@zirakzigil.org> From: Scott Ullrich Date: Fri, 29 May 2009 17:56:45 -0400 Message-ID: To: Giulio Ferro Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: NAT-T on current 8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2009 21:57:07 -0000 On Fri, May 29, 2009 at 5:41 PM, Giulio Ferro wrote: > As far as I know the natt patch hasn't been included in the source tree yet. > This fact notwithstanding, is there a patch I can download and apply > manually? I need it rather badly... There sure is. bz@ sent this over for testing and we are using it in pfSense.. Works great! http://people.freebsd.org/~bz/20090523-04-natt.diff ... Please do follow up with feedback after you deploy. You will most likely also want the latest ipsec-tools cvs port + a few patches that we are also testing in pfSense... works great! http://cvs.pfsense.com/~sullrich/ipsec-tools-devel.zip ... This is a port file of a recent ipsec-tools cvs checkout + a few patches provided by vanhu@, extract to /usr/ports/security/ and make install. The NATT patch is slated to hit the FreeBSD tree soon so please do report back your findings. Thanks, Scott