RE: NAT-T support for IPSec stack

From: Matthew Grooms (mgrooms_at_seton.org)
Date: 08/02/05

  • Next message: VANHULLEBUS Yvan: "Re: RE: NAT-T support for IPSec stack"
    Date: Tue, 02 Aug 2005 12:34:54 -0500
    To: vanhu_bsd@zeninc.net
    
    

    Woohoo!!! Thanks!!! I was just poking around for this last week
    and wondering when someone was going to bring this support to FreeBSD.

    >For some months now, ipsec-tools is now the "official" version of
    >racoon, the KAME's isakmp daemon.

    I hope it shows up in ports soon. The racoon port maintainer mentioned
    that the most recent import would be the last and the KAME racoon
    developer has stated he won't be maintaining the code anymore. A lot of
    fixes have shown up in ipsec-tools after the fork from the KAME project
    as well as hybrid user authentication support via PAM. OpenBSD's isakmpd
    supports NAT-T as well. FreeBSD seems to be the straggler here.

    If memory serves me right, KAME IPSEC is still not SMP safe at the
    moment. It seems like FAST_IPSEC had a caveat as well, like it doesn't
    work with IPv6 or something like that. Could it be that there is no
    developer that 'owns' these subsystems? Perhaps rrwatson has this on his
    list of things to attack with his ninja net hacking skills.

    >Are you interested in it?

    Yes ( as a user ) but I am not a FreeBSD developer. I think there was
    initially resistance from open source groups to integrate this support
    due to patent issues ( maybe just WRT usage w/ IKEv1 ) but they must have
    been resolved as both OpenBSD and Linux support this functionality now.

    It would be very cool to get NAT-T + ipsec tools support as it opens the
    door for FreeBSD to compete with the big boys in the client based VPN
    market at some point down the road and offers an IPSEC alternative to
    OpenVPN.

    >Of course, it would also be interesting to have an ipsec-tools port,
    >I'll contact the ports list for such an integration.

    Fantastic! The website states that it compiles cleanly and works well on
    FreeBSD so it should be a piece of cake.

    I am in the process of moving but once settled and upgraded to 6 I will
    definitely test out your patches and would be willing to test out any
    ipsec-tools port as well. Thanks again for your work on this.

    -Matthew
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

