From owner-freebsd-security@FreeBSD.ORG  Thu Apr 21 13:56:02 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EFC7716A4CE
	for <freebsd-security@freebsd.org>;
	Thu, 21 Apr 2005 13:56:02 +0000 (GMT)
Received: from gta.com (mailgate.gta.com [199.120.225.4])
	by mx1.FreeBSD.org (Postfix) with SMTP id 5BA0C43D2D
	for <freebsd-security@freebsd.org>;
	Thu, 21 Apr 2005 13:56:02 +0000 (GMT)	(envelope-from lab@gta.com)
Received: (qmail 2719 invoked by uid 1000); 21 Apr 2005 13:56:01 -0000
Date: 21 Apr 2005 13:56:01 -0000
Message-ID: <20050421135601.2718.qmail@gta.com>
From: Larry Baird <lab@gta.com>
To: mike@sentex.net (Mike Tancsa)
In-Reply-To: <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2>
X-Newsgroups: freebsd.security
User-Agent: tin/1.5.9-20010723 ("Chord of Souls") (UNIX) (FreeBSD/4.10-RELEASE
	(i386))
X-Mailman-Approved-At: Fri, 22 Apr 2005 13:45:39 +0000
cc: freebsd-security@freebsd.org
Subject: Re: Fwd: (KAME-snap 9012) racoon in the kame project
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2005 13:56:03 -0000

In article <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2> you wrote:
> FYI, looks like support for Racoon is ending.  Does anyone have any 
> experience with the version in ipsec-tools ?
I have been using it with FreeBSD 4.11.  The only issues I have ran
into is that some of its debug messages use %zu and %zd.  The %z
isn't know by 4.x libc and causes a core dump.  This issue is easily
fixed with sed.  Since 5.x know about %z, this should be a non-issue
for more current versions of FreeBSD.  

The ipsec-tools version has support for NAT-T if the kernel has
support.  There exist patches for use with the IPSEC option of 4.x
at ipsec-tools source forge site.  Yesterday I posted updated patches
to support FAST_IPSEC under 4.11.  I had made patches for 5.x but
accidently clobered them.  The port is very straight forward.

To save you some time looking for them, The FreeBSD kernel patches
can be found here:
http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/

Larry

-- 
------------------------------------------------------------------------
Larry Baird                        | http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: lab@gta.com                 | TEL 407-380-0220, FAX 407-380-6080