Hi.
On Sun, Apr 15, 2012 at 04:40:03PM +0300, Zmiter wrote: > 14.04.2012 19:59, Bjoern A. Zeeb ??????????????: > >On 13. Apr 2012, at 04:28 , Zmiter wrote: > > > >>Hello. > >>Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's still > >>in broken state? > >It's not broken; it was never implemented. No FreeBSD tree shipped does > >support transport mode at this time. There are patches but you also need > >to fix ipsec-tools or your ike daemon. If you do the latter I can commit > >the former. > > > >/bz > > > Where could I get that patches? I'd like to test them and to see what > could I do with them. You can get kernel patches in kern/146190, but as said in the pr and by Bjoern, it needs some work on userland (IKE daemon). > And, if it's really so difficult to implement transport mode in kernel > some way, I didn't review/try the patch, but kernel part seems to be done. > describe it (I think, all the work for third parties will be > implemented through pfkey interface), and wait some time (or may be help > a little) until it'll be implemented in ipsec-tools. > It's not the egg and chicken problem, may be the kernel must be the > first. Or may be I'm not in theme so deep? Is it really some sort or big > and principal incompatibilities with ipsec-tools? That's why I took the pr a while ago: to have a look at both parts (kernel and ipsec-tools) and try/commit that once patches exists for both. Afaik, no one already worked on the userland part for ipsec-tools (contact me if I'm wrong !). Yvan. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
