From owner-freebsd-net@FreeBSD.ORG  Thu Dec 29 12:25:55 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 502B516A41F
	for <freebsd-net@freebsd.org>; Thu, 29 Dec 2005 12:25:55 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E310843D4C
	for <freebsd-net@freebsd.org>; Thu, 29 Dec 2005 12:25:53 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn (localhost [127.0.0.1])
	by thorn.pobox.com (Postfix) with ESMTP id 31FBDBA;
	Thu, 29 Dec 2005 07:26:15 -0500 (EST)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com
	[212.74.113.67])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id DAD7727EA;
	Thu, 29 Dec 2005 07:26:12 -0500 (EST)
Received: from lists by mappit.local.linnet.org with local (Exim 4.60
	(FreeBSD)) (envelope-from <b.candler@pobox.com>)
	id 1Erwqr-0002t5-OB; Thu, 29 Dec 2005 12:25:49 +0000
Date: Thu, 29 Dec 2005 12:25:49 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Alexey Popov <llp@iteranet.com>
Message-ID: <20051229122549.GA11055@uk.tiscali.com>
References: <20051228143817.GA6898@uk.tiscali.com>
	<001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca>
	<20051228153106.GA7041@uk.tiscali.com>
	<20051228164339.GB3875@zen.inc> <43B38747.1060906@iteranet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43B38747.1060906@iteranet.com>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-net@freebsd.org, VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
Subject: Re: IPSEC documentation
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2005 12:25:55 -0000

On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote:
> If we would also have NAT-T support, FreeBSD would be the best choice 
> of VPN concentrator.

/usr/ports/security/ipsec-tools/pkg-descr says:

"Known issues:
- Non-threaded implementation.  Simultaneous key negotiation performance
  should be improved."

I think that would limit its usefulness as a scalable concentrator, if the
comment is still valid.