Date: Fri, 20 Jan 2006 21:53:33 +0000
From: Brian Candler
To: Alexey Popov
Cc: freebsd-net@freebsd.org
Subject: Re: IPSEC documentation

> On Thu, Dec 29, 2005 at 09:50:47AM +0300, Alexey Popov wrote:
> > If we would also have NAT-T support, FreeBSD would be the best choice
> > of VPN concentrator.

I just saw this patch posted on the ipsec-tools-devel list:

http://ipsec-tools.sf.net/freebsd6-natt.diff

It's for FreeBSD 6 but also seems to apply cleanly to 5.4, apart from one
file which I think needs this instead:

--- ./netinet/in_proto.c.orig Mon Mar 21 16:05:35 2005 +++ ./netinet/in_proto.c Fri Jan 20 21:41:59 2006 @@ -108,7 +108,7 @@ &nousrreqs }, { SOCK_DGRAM, &inetdomain, IPPROTO_UDP, PR_ATOMIC|PR_ADDR, - udp_input, 0, udp_ctlinput, ip_ctloutput, + udp_input, 0, udp_ctlinput, udp_ctloutput, 0, udp_init, 0, 0, 0, &udp_usrreqs

Haven't tested it yet - just waiting for kernel to recompile :-)

Regards,

Brian.
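Review bot: udp_ctloutput is referenced in the SOCK_DGRAM / IPPROTO_UDP entry, but this hunk neither declares nor defines it, so in_proto.c will only compile and link if the symbol and a prototype visible to this file come from the rest of the NAT-T patch; the message should state that this hunk is not usable on its own. Because the entry no longer names ip_ctloutput directly, please also confirm that udp_ctloutput hands every option it does not handle itself on to ip_ctloutput, otherwise existing IP-level setsockopt/getsockopt calls on UDP sockets would change behaviour. The message also says this is untested, so it should be exercised on 5.4 with both NAT-T and plain UDP traffic before anyone relies on it.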