Support for IPSec NAT-T in transport mode
VANHULLEBUS Yvan
vanhu at FreeBSD.org
Mon Apr 16 10:08:56 UTC 2012
Hi.
On Sun, Apr 15, 2012 at 04:40:03PM +0300, Zmiter wrote:
> 14.04.2012 19:59, Bjoern A. Zeeb wrote:
> >On 13. Apr 2012, at 04:28 , Zmiter wrote:
> >
> >>Hello.
> >>Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still
> >>in broken state?
> >It's not broken; it was never implemented. No FreeBSD tree shipped does
> >support transport mode at this time. There are patches but you also need
> >to fix ipsec-tools or your ike daemon. If you do the latter I can commit
> >the former.
> >
> >/bz
> >
> Where could I get those patches? I'd like to test them and to see what
> I could do with them.
You can get kernel patches in kern/146190, but as said in the pr and
by Bjoern, it needs some work on userland (IKE daemon).
> And, if it's really so difficult to implement transport mode in kernel
> some way,
I didn't review/try the patch, but kernel part seems to be done.
> describe it (I think, all the work for third parties will be
> implemented through pfkey interface), and wait some time (or maybe help
> a little) until it'll be implemented in ipsec-tools.
> It's not the egg and chicken problem, maybe the kernel must be the
> first. Or maybe I'm not in theme so deep? Is it really some sort of big
> and principal incompatibilities with ipsec-tools?
That's why I took the pr a while ago: to have a look at both parts
(kernel and ipsec-tools) and try/commit that once patches exist for
both.
Afaik, no one already worked on the userland part for ipsec-tools
(contact me if I'm wrong!).
Yvan.