About NAT Traversal
Eric W. Bates
ericx at vineyard.net
Thu Feb 1 19:12:56 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VANHULLEBUS Yvan wrote:
> On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> ashoke saha wrote:
>>> basic kame (racoon) as NAT_T for IKE. It did not have
>>> kernel support till 6.0. you can take the patch from
>>> there.
>>> also NAT_T has moved from draft to RFC and do google
>>> for NAT_T to get get the RFC's and also read the code
>>> in the kernel patch and racoon.
>> Thank you. I have installed the patch; but I suspect that deciphering
>> the code is beyond my skill level. RFC 3948 is mentioned. I will start
>> there.
>
> Hi.
>
> You probably don't really need to "decipher" that code, you'll just
> need the skill level required to apply a patch to the kernel sources
> and recompile your kernel (and recompiling your world is also probably
> a good idea), then install the new headers (mainly
> /usr/include/net/pfkeyv2.h).
>
>
> Then you'll just have to recompile/reinstall ipsec-tools port, which
> will autodetect NAT-T support (to be more exact, which will detect
> that your /usr/include/net/pfkeyv2.h has the required structs for
> NAT-T support) and which will be recompiled with such support.
Great. thanks.
I've already got the new kernel; but I neglected to rebuild racoon. I
will try that.
>
> Yvan.
>
- --
Eric W. Bates
ericx at vineyard.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFwjuWD1roJTQ4LlERAv8DAKCYom6NqQaYoASRpXdDjVeNHXVUugCfSKzD
SAXJ9YEoiPG0ZZvRxsrLxHY=
=NV9F
-----END PGP SIGNATURE-----
More information about the freebsd-net
mailing list