From owner-freebsd-net@FreeBSD.ORG Sun May 31 13:50:07 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73AC61065672 for ; Sun, 31 May 2009 13:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 2CAC78FC15 for ; Sun, 31 May 2009 13:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id DF71441C648; Sun, 31 May 2009 15:50:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id hDZ1jX6Lk-DW; Sun, 31 May 2009 15:50:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 439E241C67B; Sun, 31 May 2009 15:50:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 1A3204448E6; Sun, 31 May 2009 13:46:53 +0000 (UTC) Date: Sun, 31 May 2009 13:46:52 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Scott Ullrich In-Reply-To: Message-ID: <20090531134541.H3234@maildrop.int.zabbadoz.net> References: <4A205679.5030406@zirakzigil.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org, Giulio Ferro Subject: Re: NAT-T on current 8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2009 13:50:07 -0000 On Fri, 29 May 2009, Scott Ullrich wrote: Hi Giulio, > On Fri, May 29, 2009 at 5:41 PM, Giulio Ferro wrote: >> As far as I know the natt patch hasn't been included in the source tree yet. >> This fact notwithstanding, is there a patch I can download and apply >> manually? I need it rather badly... > > There sure is. bz@ sent this over for testing and we are using it in > pfSense.. Works great! > > http://people.freebsd.org/~bz/20090523-04-natt.diff ... Please do > follow up with feedback after you deploy. > > You will most likely also want the latest ipsec-tools cvs port + a few > patches that we are also testing in pfSense... works great! > > http://cvs.pfsense.com/~sullrich/ipsec-tools-devel.zip ... This is a > port file of a recent ipsec-tools cvs checkout + a few patches > provided by vanhu@, extract to /usr/ports/security/ and make install. > > The NATT patch is slated to hit the FreeBSD tree soon so please do > report back your findings. Yes, in case you find any positiv or negative things we'd be happy to hear back from you - or anyone else who's going to give it a try. /bz -- Bjoern A. Zeeb The greatest risk is not taking one.