NAT-T + ipsec integration

VANHULLEBUS Yvan vanhu at FreeBSD.org
Thu Dec 11 04:39:41 PST 2008


On Thu, Dec 11, 2008 at 04:02:01AM -0800, Gabe wrote:
> Hello all

Hi.

> Does anyone know how to enable nat traversal on freebsd?
> 
> I've got a site to site ipsec tunnel setup but clients behind the
> nat can't vpn through it. Any help would be appreciated.


Actually, you can apply a patch to src/sys and recompile your kernel
with IPSEC_NAT_T options.
Patches are available here:
http://people.freebsd.org/~vanhu/NAT-T/


You can also try to play with Perforce's branch, but it is still work
in progress to have a cleaned up version of PFKey interface (it may
work, but I just started to set up some testing hosts).



To answer the question some people may ask in this thread: the whole
patch should be included in TRUNK as soon as the PFKey cleanup is
done (which means "implemented + heavily tested + reviewed").



Yvan.


More information about the freebsd-net mailing list