Date: Sun, 15 Apr 2012 16:40:03 +0300 From: Zmiter <zmiterby@gmail.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: stable@freebsd.org Subject: Re: Support for IPSec NAT-T in transoprt mode Message-ID: <4F8ACFB3.5040807@gmail.com> In-Reply-To: <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net> References: <4F87AB6F.4050504@gmail.com> <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
14.04.2012 19:59, Bjoern A. Zeeb написал: > On 13. Apr 2012, at 04:28 , Zmiter wrote: > >> Hello. >> Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still in broken state? > It's not broken; it was never implemented. No FreeBSD tree shipped does > support transport mode at this time. There are patches but you also need > to fix ipsec-tools or your ike daemon. If you do the latter I can commit > the former. > > /bz > Where could I get that patches? I'd like to test them and to see what could I do with them. And, if it's really so difficult to implement transport mode in kernel some way, describe it (I think, all the work for third parties will be implemented through pfkey interface), and wait some time (or may be help a little) until it'll be implemented in ipsec-tools. It's not the egg and chicken problem, may be the kernel must be the first. Or may be I'm not in theme so deep? Is it really some sort or big and principal incompatibilities with ipsec-tools? Thank a lot 15.04.2012 Zmiter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F8ACFB3.5040807>