FreeBSD as a VPN Client Gateway ...

[Eric Masson]

VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> writes:

Hi Yvan,

> It should work (I'm compiling it with a modified 6.1-PRERELEASE, but
> did not tried for now with just 6.1-PRERELEASE+NAT6T patch).

I've forced natt support in the Makefile.

> Could you send me the logs ?

Asap, I have to make some place on my laptop and then transfer the
vmware image I use for these tests.

> nat-t support detection is quite bad actually (and not only with
> FreeBSD), as it just detects NAT-T support in kernel includes, not in
> compiled kernel.

That's what I've seen

> Have a look at your /usr/include/net/pfkeyv2.h, and see if you have
> some NAT-T related stuff.

This file contains the structure that the configure generated program
tries to use.

> I didn't have news about patent issues recently.

Nice.

> There are still some works to do on the patch, especially:
>
> - sync with Manu's recent works on NetBSD (support for multiple peers
>   behind the same address).
>
> It should not take too long to do that, and I'll work on it within
> next weeks.
>
> - port to FAST_IPSEC. Once again, it should not take too much time to
>   do that. I was waiting for George's works on PFKey interface, but
>   looks like it won't really be a problem to merge both works, so I'll
>   probably do it "soon".

Would be nice, as KAME ipsec stack doesn't seem to have locked atm (the
box I plan to use is an old dual ppro)

> But the actual version of the patch is already good enough for
> integration if FreeBSd's team wants it, there are just some
> (temporary) limitations which needs to be know.

Great, I'll post the configure log asa the box and I are ready ;)

Éric

-- 
 Tous cela, il faut que ça change. Je PAYE mon abonnement Internet et
 j'exige que mon vote et mes opinions soient pris en considération.
 -+- Rocou In GNU - Les payeurs ne sont pas les conseilleurs -+-