Date: Mon, 16 Apr 2012 11:59:45 +0200 From: VANHULLEBUS Yvan <vanhu@FreeBSD.org> To: Zmiter <zmiterby@gmail.com> Cc: stable@freebsd.org Subject: Re: Support for IPSec NAT-T in transoprt mode Message-ID: <20120416095945.GA29824@zeninc.net> In-Reply-To: <4F8ACFB3.5040807@gmail.com> References: <4F87AB6F.4050504@gmail.com> <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net> <4F8ACFB3.5040807@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. On Sun, Apr 15, 2012 at 04:40:03PM +0300, Zmiter wrote: > 14.04.2012 19:59, Bjoern A. Zeeb ??????????????: > >On 13. Apr 2012, at 04:28 , Zmiter wrote: > > > >>Hello. > >>Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still > >>in broken state? > >It's not broken; it was never implemented. No FreeBSD tree shipped does > >support transport mode at this time. There are patches but you also need > >to fix ipsec-tools or your ike daemon. If you do the latter I can commit > >the former. > > > >/bz > > > Where could I get that patches? I'd like to test them and to see what > could I do with them. You can get kernel patches in kern/146190, but as said in the pr and by Bjoern, it needs some work on userland (IKE daemon). > And, if it's really so difficult to implement transport mode in kernel > some way, I didn't review/try the patch, but kernel part seems to be done. > describe it (I think, all the work for third parties will be > implemented through pfkey interface), and wait some time (or may be help > a little) until it'll be implemented in ipsec-tools. > It's not the egg and chicken problem, may be the kernel must be the > first. Or may be I'm not in theme so deep? Is it really some sort or big > and principal incompatibilities with ipsec-tools? That's why I took the pr a while ago: to have a look at both parts (kernel and ipsec-tools) and try/commit that once patches exists for both. Afaik, no one already worked on the userland part for ipsec-tools (contact me if I'm wrong !). Yvan.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120416095945.GA29824>