[Bug 217131] [patch] security/ipsec-tools add patch for better NAT-T support
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Feb 16 10:31:09 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217131
Bug ID: 217131
Summary: [patch] security/ipsec-tools add patch for better
NAT-T support
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: vanhu at FreeBSD.org
Reporter: ae at FreeBSD.org
Keywords: patch
Assignee: vanhu at FreeBSD.org
Flags: maintainer-feedback?(vanhu at FreeBSD.org)
Created attachment 180038
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180038&action=edit
patch
This patch adds NATT_EXTRA_PATCHES=natt.diff and enables only UDP encapsulation
defined in RFC3948.
The natt.diff patch contains the following changes:
* added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY
messages;
* used NAT address instead of original for SAs created by racoon;
* NAT-T keep-alives now sends only by NATed host.
Several people reported that now they are able to use NAT-T in transport mode
with IPsec from projects/ipsec. However I did not tested how it affects IPsec
implementation from stable/9,10,11. From quick look it should not affect
something that worked earlier.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list