About NAT Traversal
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Thu Feb 1 16:57:58 UTC 2007
On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ashoke saha wrote:
> > basic kame (racoon) as NAT_T for IKE. It did not have
> > kernel support till 6.0. you can take the patch from
> > there.
> > also NAT_T has moved from draft to RFC and do google
> > for NAT_T to get get the RFC's and also read the code
> > in the kernel patch and racoon.
>
> Thank you. I have installed the patch; but I suspect that deciphering
> the code is beyond my skill level. RFC 3948 is mentioned. I will start
> there.
Hi.
You probably don't really need to "decipher" that code, you'll just
need the skill level required to apply a patch to the kernel sources
and recompile your kernel (and recompiling your world is also probably
a good idea), then install the new headers (mainly
/usr/include/net/pfkeyv2.h).
Then you'll just have to recompile/reinstall ipsec-tools port, which
will autodetect NAT-T support (to be more exact, which will detect
that your /usr/include/net/pfkeyv2.h has the required structs for
NAT-T support) and which will be recompiled with such support.
Yvan.
--
NETASQ
http://www.netasq.com
More information about the freebsd-net
mailing list