Date: Sun, 14 Dec 2008 11:14:45 +0100 From: VANHULLEBUS Yvan <vanhu@FreeBSD.org> To: Stephen Clark <sclark46@earthlink.net> Cc: freebsd-net@freebsd.org Subject: Re: NAT-T + ipsec integration Message-ID: <20081214101445.GA2617@zeninc.net> In-Reply-To: <4942B264.5020607@earthlink.net> References: <20081211122828.CF3958FC16@mx1.freebsd.org> <20081211123958.GA5332@zeninc.net> <200812121845.20262.artem@aws-net.org.ua> <20081212175500.GA2573@zeninc.net> <4942B264.5020607@earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 12, 2008 at 01:50:12PM -0500, Stephen Clark wrote: [...] > Are there any restrictions for nat-t on freebsd-6, like number of vpns that > can be natted? NAT-T generates quite no more restrictions than non NAT-T tunnels. Number of VPN tunnels may be a little bit lower with NAT-T than without: we do know that PFKey's buffer is the actual limitation when increasing number of SPD/SAD entries, and entries with NAT-T will generate (a few) more data per entry. I don't have exact numbers to provide to you, but expect number of running NAT-T tunnels to be a bit lower than without NAT-T. This is the only limit AFAIK. Yvan.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081214101445.GA2617>