On Thu, Feb 01, 2007 at 11:46:49AM -0500, Eric W. Bates wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ashoke saha wrote: > > basic kame (racoon) as NAT_T for IKE. It did not have > > kernel support till 6.0. you can take the patch from > > there. > > also NAT_T has moved from draft to RFC and do google > > for NAT_T to get get the RFC's and also read the code > > in the kernel patch and racoon. > > Thank you. I have installed the patch; but I suspect that deciphering > the code is beyond my skill level. RFC 3948 is mentioned. I will start > there.
Hi. You probably don't really need to "decipher" that code, you'll just need the skill level required to apply a patch to the kernel sources and recompile your kernel (and recompiling your world is also probably a good idea), then install the new headers (mainly /usr/include/net/pfkeyv2.h). Then you'll just have to recompile/reinstall ipsec-tools port, which will autodetect NAT-T support (to be more exact, which will detect that your /usr/include/net/pfkeyv2.h has the required structs for NAT-T support) and which will be recompiled with such support. Yvan. -- NETASQ http://www.netasq.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
