NAT-T + ipsec integration

VANHULLEBUS Yvan vanhu at FreeBSD.org
Sun Dec 14 02:14:49 PST 2008


On Fri, Dec 12, 2008 at 01:50:12PM -0500, Stephen Clark wrote:
[...]
> Are there any restrictions for nat-t on freebsd-6, like number of vpns that
> can be natted?

NAT-T generates almost no more restrictions than non-NAT-T tunnels.

The number of VPN tunnels may be a little bit lower with NAT-T than
without: we do know that PFKey's buffer is the actual limitation when
increasing the number of SPD/SAD entries, and entries with NAT-T will
generate (a little) more data per entry.

I don't have exact numbers to provide to you, but expect the number of
running NAT-T tunnels to be a bit lower than without NAT-T.


This is the only limit AFAIK.


Yvan.

