 From:  Scott Ullrich <sullrich at gmail dot com>
 To:  Richard Adams <podilarius at yahoo dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] m0n0wall, racoon and NAT Transversal
 Date:  Thu, 13 Oct 2005 12:46:05 -0400
On 10/13/05, Richard Adams <podilarius at yahoo dot com> wrote:
> I don't know if you guys did this by design, but I was searching for racoon and found that it can
> do NAT Traversal. This is a compile-time option and can be found in the racoon.conf once it is
> compiled in. Here is the excerpt from the racoon.conf man page.
>
> nat_traversal (on | off | force);
>
>          This directive enables use of the NAT-Traversal IPsec
>          extension (NAT-T).  NAT-T allows one or both peers to
>          reside behind a NAT gateway (i.e., doing address- or
>          port-translation).  Presence of NAT gateways along the
>          path is discovered during phase 1 handshake and if found,
>          NAT-T is negotiated.  When NAT-T is in charge, all ESP
>          and AH packets of a given connection are encapsulated
>          into UDP datagrams (port 4500, by default).  Possible
>          values are:
>
>          on      NAT-T is used when a NAT gateway is detected
>                  between the peers.
>
>          off     NAT-T is not proposed/accepted.  This is the
>                  default.
>
>          force   NAT-T is used regardless if a NAT is detected
>                  between the peers or not.
>
>          Please note that NAT-T support is a compile-time option.
>          Although it is enabled in the source distribution by
>          default, it may not be available in your particular
>          build.  In that case you will get a warning when using
>          any NAT-T related config options.
>
> This is all that is missing for me to use m0n0wall. It is a REALLY cool product.

The kernel also needs to support NAT-T.  NetBSD currently has this
support but FreeBSD 4-6 does not.  Until someone ports the NAT-T bits
from NetBSD this will not be doable on FreeBSD/m0n0wall.

Scott
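The UDP encapsulation described in the quoted man page (ESP and IKE multiplexed onto port 4500) is where NAT-T traffic becomes visible to a firewall rule or a sensor. As an added example, not part of this thread or of the racoon/m0n0wall code, here is a small Python demultiplexer that classifies port-4500 payloads by the RFC 3948 framing (Non-ESP marker, ESP SPI, NAT-keepalive); the sample packets are constructed, not captured.

```python
import struct
from typing import NamedTuple, Optional

# IKE exchange types from the ISAKMP header (RFC 2408); 2 = main mode, 4 = aggressive.
EXCHANGE_NAMES = {2: "identity-protection (main)", 4: "aggressive", 5: "informational", 32: "quick"}

class NatTPacket(NamedTuple):
    kind: str            # "keepalive", "ike", "esp" or "invalid"
    spi: Optional[int]   # ESP SPI when kind == "esp"
    detail: str

def classify_port4500_payload(payload: bytes) -> NatTPacket:
    """Demultiplex the UDP payload of a datagram on port 4500 using RFC 3948 framing."""
    # A lone 0xFF byte is the NAT-keepalive a peer sends to hold the NAT mapping open.
    if payload == b"\xff":
        return NatTPacket("keepalive", None, "NAT-keepalive")
    if len(payload) < 8:
        return NatTPacket("invalid", None, "shorter than an ESP header")
    if payload[:4] == b"\x00\x00\x00\x00":
        # Four zero bytes are the Non-ESP Marker: an ISAKMP/IKE message follows.
        # Real ESP can never start this way because SPI 0 is reserved.
        if len(payload) < 4 + 28:
            return NatTPacket("invalid", None, "truncated ISAKMP header after Non-ESP marker")
        _icky, _rcky, _nxt, _ver, exch, _flags, _msgid, length = struct.unpack("!8s8sBBBBII", payload[4:32])
        if length != len(payload) - 4:
            return NatTPacket("invalid", None, f"ISAKMP length {length} disagrees with payload size")
        name = EXCHANGE_NAMES.get(exch, f"type {exch}")
        return NatTPacket("ike", None, f"IKE {name} exchange, {length} bytes")
    # Anything else is UDP-encapsulated ESP: SPI then sequence number, exactly as in plain ESP.
    spi, seq = struct.unpack("!II", payload[:8])
    return NatTPacket("esp", spi, f"UDP-encapsulated ESP, SPI 0x{spi:08x}, seq {seq}")

# Constructed sample payloads (not captured traffic).
SAMPLE_KEEPALIVE = b"\xff"
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 24      # SPI, seq, opaque ciphertext
_isakmp_body = b"\x00" * 8                                             # placeholder SA payload bytes
_isakmp_hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 1, 0x10, 4, 0, 0, 28 + len(_isakmp_body))
SAMPLE_IKE = b"\x00\x00\x00\x00" + _isakmp_hdr + _isakmp_body

if __name__ == "__main__":
    for sample in (SAMPLE_KEEPALIVE, SAMPLE_IKE, SAMPLE_ESP):
        print(classify_port4500_payload(sample))
```

Only the framing is inspected; the ESP body stays opaque, which is all a firewall or IDS needs to tell a NAT-T tunnel's data from its key exchange.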