Skip site navigation (1)Skip section navigation (2)
Date:      21 Apr 2005 13:56:01 -0000
From:      Larry Baird <lab@gta.com>
To:        mike@sentex.net (Mike Tancsa)
Cc:        freebsd-security@freebsd.org
Subject:   Re: Fwd: (KAME-snap 9012) racoon in the kame project
Message-ID:  <20050421135601.2718.qmail@gta.com>
In-Reply-To: <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2>

next in thread | previous in thread | raw e-mail | index | archive | help
In article <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2> you wrote:
> FYI, looks like support for Racoon is ending.  Does anyone have any 
> experience with the version in ipsec-tools ?
I have been using it with FreeBSD 4.11.  The only issues I have ran
into is that some of its debug messages use %zu and %zd.  The %z
isn't know by 4.x libc and causes a core dump.  This issue is easily
fixed with sed.  Since 5.x know about %z, this should be a non-issue
for more current versions of FreeBSD.  

The ipsec-tools version has support for NAT-T if the kernel has
support.  There exist patches for use with the IPSEC option of 4.x
at ipsec-tools source forge site.  Yesterday I posted updated patches
to support FAST_IPSEC under 4.11.  I had made patches for 5.x but
accidently clobered them.  The port is very straight forward.

To save you some time looking for them, The FreeBSD kernel patches
can be found here:
http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/

Larry

-- 
------------------------------------------------------------------------
Larry Baird                        | http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: lab@gta.com                 | TEL 407-380-0220, FAX 407-380-6080



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050421135601.2718.qmail>