FreeBSD NAT-T patch integration

Sam Leffler sam at
Tue Jul 1 14:56:46 UTC 2008

Larry Baird wrote:
>> And how do I know that it works ?
>> Well, when it doesn't work, I do know it, quite quickly most of the
>> time !
> I have to chime in here.  I did most of the initial porting of the
> NAT-T patches from Kame IPSec to FAST_IPSEC.  I did look at every
> line of code during this process.  I found no security problems during
> the port.  Like Yvan, my company uses the NAT-T patches commercially.
> Like he says, if it had problems, we would hear about it.  If the patches
> don't get commited, I highly suspect Yvan or myself would try to keep the
> patches up todate.  So far I have done FAST_IPSEC pacthes for FreeBSD 4,5,6.  
> Yvan did 7 and 8 by himself.  Keeping up gets to be a pain after a while.  
> I do plan to look at the FreeBSD 7 patches soon, but it sure would be nice
> to see it commited.
This whole issue seems ridiculous.  I've been trying to get the NAT-T 
patches committed for a while but since I'm not setup to do any IPSEC 
testing have deferred to others.  If we need to break a logjam I'll 
pitch in.


More information about the freebsd-net mailing list