Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Jan 2006 21:53:33 +0000
From:      Brian Candler <B.Candler@pobox.com>
To:        Alexey Popov <llp@iteranet.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPSEC documentation
Message-ID:  <20060120215333.GA48603@uk.tiscali.com>
In-Reply-To: <20051229122549.GA11055@uk.tiscali.com>
References:  <20051228143817.GA6898@uk.tiscali.com> <001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca> <20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc> <43B38747.1060906@iteranet.com> <20051229122549.GA11055@uk.tiscali.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote:
> > If we would also have NAT-T support, FreeBSD would be the best choice 
> > of VPN concentrator.

I just saw this patch posted on the ipsec-tools-devel list:
http://ipsec-tools.sf.net/freebsd6-natt.diff

It's for FreeBSD 6 but also seems to apply cleanly to 5.4, apart from one
file which I think needs this instead:

--- ./netinet/in_proto.c.orig	Mon Mar 21 16:05:35 2005
+++ ./netinet/in_proto.c	Fri Jan 20 21:41:59 2006
@@ -108,7 +108,7 @@
   &nousrreqs
 },
 { SOCK_DGRAM,	&inetdomain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
-  udp_input,	0,		udp_ctlinput,	ip_ctloutput,
+  udp_input,	0,		udp_ctlinput,	udp_ctloutput,
   0,
   udp_init,	0,		0,		0,
   &udp_usrreqs

Haven't tested it yet - just waiting for kernel to recompile :-)

Regards,

Brian.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060120215333.GA48603>