From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Date: Tue, 2 Aug 2005 15:53:15 +0200
Subject: NAT-T support for IPSec stack
Message-ID: <20050802135315.GB12739@zeninc.net>

Hi all.

For some months now, ipsec-tools has been the "official" version of racoon, KAME's isakmp daemon.

Ipsec-tools supports NAT-Traversal (RFCs 3947 / 3948), but needs some kernel support for that. This kernel support has been done for the Linux 2.6 kernel for some time, was done for NetBSD some months ago, and I made a similar patchset for FreeBSD.

The FreeBSD 4 patchset has been used for some months by various people, and I recently ported it to the FreeBSD 6 kernel source.

The first version of this patch can be found here:
http://ipsec-tools.sourceforge.net/freebsd6-natt.diff

There are still some things to do for this patch, starting with support for FAST_IPSEC (it only works with IPSEC for now) and probably some cleanup (ENABLE_NATT => something else?, etc...).

As I don't want to keep porting such a patch over versions, as some people already asked me lots of things about this patch, and as it would be interesting to have it widely used by people, I would be happy to do "what is needed" to have it reported to the FreeBSD source tree.

Are you interested in it? Do you have some comments on the actual version, some things that should be done before reporting it?

Of course, it would also be interesting to have an ipsec-tools port; I'll contact the ports list for such an integration.

Yvan.