[Bug 217131] [patch] security/ipsec-tools add patch for better NAT-T support

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Feb 16 10:31:09 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217131

            Bug ID: 217131
           Summary: [patch] security/ipsec-tools add patch for better
                    NAT-T support
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: vanhu at FreeBSD.org
          Reporter: ae at FreeBSD.org
             Flags: maintainer-feedback?(vanhu at FreeBSD.org)

Created attachment 180038
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180038&action=edit
patch

This patch adds NATT_EXTRA_PATCHES=natt.diff and enables only UDP encapsulation
defined in RFC3948.

The natt.diff patch contains the following changes:
* added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY
messages;
* used NAT address instead of original for SAs created by racoon;
* NAT-T keep-alives are now sent only by the NATed host.

Several people reported that now they are able to use NAT-T in transport mode
with IPsec from projects/ipsec. However, I did not test how it affects the IPsec
implementation from stable/9,10,11. From a quick look, it should not affect
anything that worked earlier.
