Date: Sun, 19 Nov 2017 22:19:56 +0700 From: Victor Sudakov <vas@mpeks.tomsk.su> To: Eugene Grosbein <eugen@grosbein.net> Cc: Eric Masson <emss@free.fr>, freebsd-net@freebsd.org, Jim Thompson <jim@netgate.com>, "Muenz, Michael" <m.muenz@spam-fetish.org> Subject: Re: OpenVPN vs IPSec Message-ID: <20171119151956.GK82727@admin.sibptus.transneft.ru> In-Reply-To: <5A119DDF.4090809@grosbein.net> References: <20171118165842.GA73810@admin.sibptus.transneft.ru> <b96b449e-3dc1-6e75-e803-e6d6abefe88e@spam-fetish.org> <20171119120832.GA82727@admin.sibptus.transneft.ru> <86o9nytmma.fsf@newsrv.interne.associated-bears.org> <20171119145116.GE82727@admin.sibptus.transneft.ru> <5A119DDF.4090809@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Eugene Grosbein wrote: > > > And the kernel IPsec implementation has had problems with NAT > > traveral. Does it stil have problems and requre extra patches for NAT > > traveral? > > No, it has not after IPSec code overhaul in times of 11.0-STABLE. > NAT traversal works out-of-box these days not requiring extra patches. Glad to hear that. Also, in 11.x no kernel recompilation is needed to enable IPSec. So maybe when I eventually migrate all my hosts to the 11th branch, it will be time for me to give IPSec a second chance, with all that nice if_ipsec stuff. > > It needs "nat_traversal on" in the racoon.conf, though. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171119151956.GK82727>