Date: Thu, 1 Feb 2007 17:57:55 +0100
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Subject: Re: About NAT Traversal
Message-ID: <20070201165755.GC14658@zen.inc>
In-Reply-To: <45C21979.2080002@vineyard.net>
References: <816104.21070.qm@web51907.mail.yahoo.com> <45C21979.2080002@vineyard.net>

On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
> ashoke saha wrote:
> > basic kame (racoon) as NAT_T for IKE. It did not have
> > kernel support till 6.0. you can take the patch from
> > there.
> > also NAT_T has moved from draft to RFC and do google
> > for NAT_T to get the RFC's and also read the code
> > in the kernel patch and racoon.
>
> Thank you. I have installed the patch; but I suspect that deciphering
> the code is beyond my skill level. RFC 3948 is mentioned. I will start
> there.

Hi.

You probably don't really need to "decipher" that code; you'll just
need the skill level required to apply a patch to the kernel sources
and recompile your kernel (and recompiling your world is also probably
a good idea), then install the new headers (mainly
/usr/include/net/pfkeyv2.h).

Then you'll just have to recompile/reinstall the ipsec-tools port,
which will autodetect NAT-T support (to be more exact, which will
detect that your /usr/include/net/pfkeyv2.h has the required structs
for NAT-T support) and which will be recompiled with such support.


Yvan.

-- 
NETASQ
http://www.netasq.com
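
A pre-build check for the header step described in the message above, as an added example that is not part of the original post and is not the ipsec-tools detection code. The function names are hypothetical, and the identifiers searched for and the /usr/src/sys/net/pfkeyv2.h source path are assumptions about the patched tree.

```shell
#!/bin/sh
# Added example: confirm that pfkeyv2.h carries NAT-T definitions and that
# the installed copy matches the patched source before rebuilding ipsec-tools.
# Assumption: these PF_KEY NAT-T identifiers are what the patch introduces.
NATT_SYMBOLS="sadb_x_nat_t_type sadb_x_nat_t_port SADB_X_EXT_NAT_T_TYPE"

# check_natt_header FILE
# Returns 0 if every identifier is present, 1 if any is missing,
# 2 if FILE cannot be read. Missing names are printed.
check_natt_header() {
    hdr=$1
    [ -r "$hdr" ] || { echo "cannot read $hdr" >&2; return 2; }
    missing=""
    for sym in $NATT_SYMBOLS; do
        # -w matches whole words only, so the member sadb_x_nat_t_type_len
        # alone does not count as the struct sadb_x_nat_t_type.
        grep -qw -- "$sym" "$hdr" || missing="$missing $sym"
    done
    if [ -n "$missing" ]; then
        echo "$hdr: missing NAT-T definitions:$missing"
        return 1
    fi
    echo "$hdr: NAT-T definitions present"
}

# headers_in_sync SRC INSTALLED
# Returns 0 only if the installed header is byte-identical to the patched
# source copy, i.e. the "install the new headers" step was really done.
headers_in_sync() {
    cmp -s "$1" "$2"
}

# Stand-alone use (paths are assumptions about a stock source layout):
#   sh natt_check.sh /usr/src/sys/net/pfkeyv2.h /usr/include/net/pfkeyv2.h
if [ $# -eq 2 ]; then
    check_natt_header "$1" || exit 1
    if ! headers_in_sync "$1" "$2"; then
        echo "$2 differs from $1: install the new headers first"
        exit 1
    fi
    check_natt_header "$2" || exit 1
fi
```

If the second check fails while the first passes, the kernel tree was patched but the port would still be built against the old header and come out without NAT-T support.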