Date:      Thu, 23 Mar 2006 17:39:51 +0100
From:      VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To:        freebsd-net@freebsd.org
Subject:   Re:  FreeBSD as a VPN Client Gateway ...
Message-ID:  <20060323163951.GA11458@zen.inc>
In-Reply-To: <86odzx2lem.fsf@srvbsdnanssv.interne.kisoft-services.com>
References:  <4421CCF3.9010907@shrew.net> <86odzx2lem.fsf@srvbsdnanssv.interne.kisoft-services.com>

On Thu, Mar 23, 2006 at 05:09:05PM +0100, Eric Masson wrote:
> Matthew Grooms <mgrooms@shrew.net> writes:
[....]
> > http://ipsec-tools.sf.net/freebsd6-natt.diff
> 
> I tried to compile ipsec-tools with 6.1-PRERELEASE natt patched kernel &
> headers and so far, didn't succeed.

It should work (I'm compiling it with a modified 6.1-PRERELEASE, but
did not try for now with just the 6.1-PRERELEASE+NAT-T patch).

Could you send me the logs?

> natt detection fails, gcc complains it's not able to evaluate the size
> of a structure in a header, and then configure disables functionality.

nat-t support detection is quite bad actually (and not only with
FreeBSD), as it just detects NAT-T support in kernel includes, not in
compiled kernel.

Have a look at your /usr/include/net/pfkeyv2.h, and see if you have
some NAT-T related stuff.


> Does anybody know if Yvan's patches will be integrated in the tree
> anytime? The "patent issue" doesn't seem to bother Net, Open & Linux

I didn't have news about patent issues recently.

There is still some work to do on the patch, especially:

- sync with Manu's recent work on NetBSD (support for multiple peers
  behind the same address).

It should not take too long to do that, and I'll work on it within
the next weeks.

- port to FAST_IPSEC. Once again, it should not take too much time to
  do that. I was waiting for George's work on the PFKey interface, but
  it looks like it won't really be a problem to merge both works, so I'll
  probably do it "soon".

But the actual version of the patch is already good enough for
integration if FreeBSD's team wants it, there are just some
(temporary) limitations which need to be known.


Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com


