Re: About NAT Traversal
- From: VANHULLEBUS Yvan <vanhu_bsd@xxxxxxxxxx>
- Date: Thu, 1 Feb 2007 17:57:55 +0100
On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ashoke saha wrote:
basic kame (racoon) as NAT_T for IKE. It did not have
kernel support till 6.0. you can take the patch from
there.
also NAT_T has moved from draft to RFC and do google
for NAT_T to get get the RFC's and also read the code
in the kernel patch and racoon.
Thank you. I have installed the patch; but I suspect that deciphering
the code is beyond my skill level. RFC 3948 is mentioned. I will start
there.
Hi.
You probably don't really need to "decipher" that code, you'll just
need the skill level required to apply a patch to the kernel sources
and recompile your kernel (and recompiling your world is also probably
a good idea), then install the new headers (mainly
/usr/include/net/pfkeyv2.h).
Then you'll just have to recompile/reinstall ipsec-tools port, which
will autodetect NAT-T support (to be more exact, which will detect
that your /usr/include/net/pfkeyv2.h has the required structs for
NAT-T support) and which will be recompiled with such support.
Yvan.
--
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: About NAT Traversal
- From: Eric W. Bates
- Re: About NAT Traversal
- References:
- Re: About NAT Traversal
- From: Eric W. Bates
- Re: About NAT Traversal
- Prev by Date: Re: About NAT Traversal
- Next by Date: Re: ipfw pipe show ... help with output is needed, please.
- Previous by thread: Re: About NAT Traversal
- Next by thread: Re: About NAT Traversal
- Index(es):
Relevant Pages
|
|
