From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 17:16:16 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 06200106567A for ; Fri, 12 Dec 2008 17:16:16 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from alf.aws-net.org.ua (alf.aws-net.org.ua [85.90.196.192]) by mx1.freebsd.org (Postfix) with ESMTP id 585DA8FC23 for ; Fri, 12 Dec 2008 17:16:14 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from aviko (aviko.aws-net.org.ua [192.168.32.4]) (authenticated bits=0) by alf.aws-net.org.ua (8.14.3/8.14.3) with ESMTP id mBCGjL3p061172 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 12 Dec 2008 18:45:21 +0200 (EET) (envelope-from artem@aws-net.org.ua) From: Artyom Viklenko Organization: Arto&Co. To: freebsd-net@freebsd.org Date: Fri, 12 Dec 2008 18:45:20 +0200 User-Agent: KMail/1.9.10 References: <20081211122828.CF3958FC16@mx1.freebsd.org> <20081211123958.GA5332@zeninc.net> In-Reply-To: <20081211123958.GA5332@zeninc.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200812121845.20262.artem@aws-net.org.ua> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (alf.aws-net.org.ua [192.168.32.61]); Fri, 12 Dec 2008 18:45:21 +0200 (EET) X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on alf.aws-net.org.ua X-Virus-Status: Clean Subject: Re: NAT-T + ipsec integration X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2008 17:16:16 -0000 On Thursday 11 December 2008 14:39:58 VANHULLEBUS Yvan wrote: > On Thu, Dec 11, 2008 at 04:02:01AM -0800, Gabe wrote: > > Hello all > > Hi. > > > Does anyone know how to enable nat traversal on freebsd? > > > > I've got a site to site ipsec tunnel setup but clients behind the > > nat can't vpn through it. Any help would be appreciated. > > Actually, you can apply a patch to src/sys and recompile your kernel > with IPSEC_NAT_T options. > Patches are available here: > http://people.freebsd.org/~vanhu/NAT-T/ And what about patches for 6.4-RELEASE? > > > You can also try to play with Perforce's branch, but it is still work > in progress to have a cleaned up version of PFKey interface (it may > work, but I just started to set up some testing hosts). > > > > To answer the question some people may ask in this thread: the whole > patch should be included in TRUNK as soon as PFKey cleanup will be > done (which means "implemented + heavilly tested + reviewed"). > > > > Yvan. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --             Sincerely yours,                              Artyom Viklenko. ------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem artem@viklenko.net   | ================================ FreeBSD: The Power to Serve   -  http://www.freebsd.org