Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Apr 2012 16:40:03 +0300
From:      Zmiter <zmiterby@gmail.com>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        stable@freebsd.org
Subject:   Re: Support for IPSec NAT-T in transoprt mode
Message-ID:  <4F8ACFB3.5040807@gmail.com>
In-Reply-To: <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net>
References:  <4F87AB6F.4050504@gmail.com> <22CC7FDB-162E-44CD-8EEA-0B5B8B560F8B@lists.zabbadoz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
14.04.2012 19:59, Bjoern A. Zeeb написал:
> On 13. Apr 2012, at 04:28 , Zmiter wrote:
>
>> Hello.
>> Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still in broken state?
> It's not broken; it was never implemented.  No FreeBSD tree shipped does
> support transport mode at this time.  There are patches but you also need
> to fix ipsec-tools or your ike daemon.  If you do the latter I can commit
> the former.
>
> /bz
>
Where could I get that patches? I'd like to test them and to see what 
could I do with them.
And, if it's really so difficult to implement transport mode in kernel 
some way, describe it (I think, all the work for third parties will be 
implemented through pfkey interface), and wait some time (or may be help 
a little) until it'll be implemented in ipsec-tools.
It's not the egg and chicken problem, may be the kernel must be the 
first. Or may be I'm not in theme so deep? Is it really some sort or big 
and principal incompatibilities with ipsec-tools?

Thank a lot
15.04.2012
Zmiter



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F8ACFB3.5040807>