From owner-freebsd-net@FreeBSD.ORG Fri Dec 12 20:42:03 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFDB1106564A for ; Fri, 12 Dec 2008 20:42:03 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from alf.aws-net.org.ua (alf.aws-net.org.ua [85.90.196.192]) by mx1.freebsd.org (Postfix) with ESMTP id C1BD88FC14 for ; Fri, 12 Dec 2008 20:42:02 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from alf.aws-net.org.ua (alf.aws-net.org.ua [192.168.32.61]) by alf.aws-net.org.ua (8.14.3/8.14.3) with ESMTP id mBCKg0Bp094277 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 Dec 2008 22:42:00 +0200 (EET) (envelope-from artem@aws-net.org.ua) Date: Fri, 12 Dec 2008 22:41:55 +0200 (EET) From: Artyom Viklenko To: VANHULLEBUS Yvan In-Reply-To: <20081212175500.GA2573@zeninc.net> Message-ID: References: <20081211122828.CF3958FC16@mx1.freebsd.org> <20081211123958.GA5332@zeninc.net> <200812121845.20262.artem@aws-net.org.ua> <20081212175500.GA2573@zeninc.net> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0.1 (alf.aws-net.org.ua [192.168.32.61]); Fri, 12 Dec 2008 22:42:00 +0200 (EET) X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on alf.aws-net.org.ua X-Virus-Status: Clean Cc: freebsd-net@freebsd.org Subject: Re: NAT-T + ipsec integration X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2008 20:42:03 -0000 On Fri, 12 Dec 2008, VANHULLEBUS Yvan wrote: > On Fri, Dec 12, 2008 at 06:45:20PM +0200, Artyom Viklenko wrote: >> On Thursday 11 December 2008 14:39:58 VANHULLEBUS Yvan wrote: > [....] >>> Actually, you can apply a patch to src/sys and recompile your kernel >>> with IPSEC_NAT_T options. >>> Patches are available here: >>> http://people.freebsd.org/~vanhu/NAT-T/ >> >> And what about patches for 6.4-RELEASE? > > I just not tested on 6.4 (almost all my devices moved to 7.x, and the > remaining ones will stay in 6.3 for various reasons), but 6.3 patch > should work on 6.4 if it compiles cleanly (I did NOT check every > single kernel change between 6.3 and 6.4). > > If people can test it and see some compile/runtime problems, please > report them, I'll try to fix them. Just applied the patch to 6.4-RELEASE. Kernel was compiles successfully and ipsec-tools (racoon) also was compiled successufully with NAT-T. Racoon started and reported about NAT-T support. So far so good! Will try to run IPSec tunnel may be in couple of weeks. Thanks a lot! -- Sincerely yours, Artyom Viklenko. ------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org