From: "Eric W. Bates"
Date: Thu, 01 Feb 2007 14:12:23 -0500
To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Subject: Re: About NAT Traversal

VANHULLEBUS Yvan wrote:
> On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
>> ashoke saha wrote:
>>> basic kame (racoon) has NAT_T for IKE. It did not have
>>> kernel support till 6.0. you can take the patch from
>>> there.
>>> also NAT_T has moved from draft to RFC and do google
>>> for NAT_T to get the RFCs and also read the code
>>> in the kernel patch and racoon.
>> Thank you. I have installed the patch; but I suspect that deciphering
>> the code is beyond my skill level. RFC 3948 is mentioned. I will start
>> there.
>
> Hi.
>
> You probably don't really need to "decipher" that code, you'll just
> need the skill level required to apply a patch to the kernel sources
> and recompile your kernel (and recompiling your world is also probably
> a good idea), then install the new headers (mainly
> /usr/include/net/pfkeyv2.h).
>
>
> Then you'll just have to recompile/reinstall ipsec-tools port, which
> will autodetect NAT-T support (to be more exact, which will detect
> that your /usr/include/net/pfkeyv2.h has the required structs for
> NAT-T support) and which will be recompiled with such support.

Great. thanks. I've already got the new kernel; but I neglected to
rebuild racoon. I will try that.

>
> Yvan.
>

--
Eric W. Bates
ericx@vineyard.net