 
 From:  Richard Adams <podilarius at yahoo dot com>
 To:  Scott Ullrich <sullrich at gmail dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] m0n0wall, racoon and NAT Transversal
 Date:  Thu, 13 Oct 2005 10:51:04 -0700 (PDT)
I found this in the ipsec-tools cvs. Apparently this will "patch" files so that you can add nat-t
kernel support for FreeBSD. I hope this helps. 
 
http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/freebsd_nat-t.diff?rev=1.4&sortby=date&view=log

Scott Ullrich <sullrich at gmail dot com> wrote:
On 10/13/05, Richard Adams wrote:
>
> I don't know if you guys did this by design, but I was searching for racoon and found that it can
> do NAT Traversal. This is a compile time option and can be found in the racoon.conf once it is
> compiled in. Here is the excerpt from the racoon.conf man page.
>
> nat_traversal (on | off | force);
>         This directive enables use of the NAT-Traversal IPsec
>         extension (NAT-T). NAT-T allows one or both peers to
>         reside behind a NAT gateway (i.e., doing address- or
>         port-translation). Presence of NAT gateways along the
>         path is discovered during phase 1 handshake and if found,
>         NAT-T is negotiated. When NAT-T is in charge, all ESP
>         and AH packets of a given connection are encapsulated
>         into UDP datagrams (port 4500, by default). Possible
>         values are:
>         on      NAT-T is used when a NAT gateway is detected
>                 between the peers.
>         off     NAT-T is not proposed/accepted. This is the
>                 default.
>         force   NAT-T is used regardless if a NAT is detected
>                 between the peers or not.
>         Please note that NAT-T support is a compile-time option.
>         Although it is enabled in the source distribution by
>         default, it may not be available in your particular
>         build. In that case you will get a warning when using
>         any NAT-T related config options.
>
> This is all that is missing for me to use m0n0wall. It is a REALLY cool product.

The kernel also needs to support NAT-T. NetBSD currently has this
support but FreeBSD 4-6 does not. Until someone ports the NAT-T bits
from NetBSD this will not be doable on FreeBSD/m0n0wall.

Scott
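
Added example, not part of the original messages and not racoon's code: how the NAT detection the man page excerpt places in the phase 1 handshake works per RFC 3947 (each peer sends NAT-D payloads holding HASH(CKY-I | CKY-R | IP | Port)), and how the three `nat_traversal` values act on the result. The function names, the addresses, the cookies and the choice of SHA-1 as the negotiated hash are assumptions made for the illustration.

```python
import hashlib
import socket
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    data = cky_i + cky_r + socket.inet_pton(family, ip) + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def detect_nat(cky_i, cky_r, local, remote, peer_nat_d):
    """Evaluate the peer's NAT-D payloads against the addresses we observe.

    local / remote: (ip, port) of the received IKE packet as seen on our socket.
    peer_nat_d[0] hashes the address the peer sent to (us); the remaining
    entries hash the peer's own candidate source addresses.
    """
    local_natted = nat_d_hash(cky_i, cky_r, *local) != peer_nat_d[0]
    remote_natted = nat_d_hash(cky_i, cky_r, *remote) not in peer_nat_d[1:]
    return local_natted or remote_natted

def use_nat_t(mode, nat_detected):
    """Apply the three nat_traversal values from the man page excerpt."""
    if mode not in ("on", "off", "force"):
        raise ValueError("nat_traversal must be on, off or force")
    return mode == "force" or (mode == "on" and nat_detected)

def demo():
    # Constructed sample values (documentation address ranges, fixed cookies).
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    initiator_private = ("192.168.1.10", 500)   # initiator's own view
    nat_public = ("203.0.113.5", 1024)          # source after translation
    responder = ("198.51.100.7", 500)
    # NAT-D payloads the initiator puts in its phase 1 message.
    sent = [nat_d_hash(cky_i, cky_r, *responder),
            nat_d_hash(cky_i, cky_r, *initiator_private)]
    # Responder compares them with what actually arrived on the wire.
    natted = detect_nat(cky_i, cky_r, responder, nat_public, sent)
    direct = detect_nat(cky_i, cky_r, responder, initiator_private, sent)
    return {m: (use_nat_t(m, natted), use_nat_t(m, direct))
            for m in ("on", "off", "force")}

if __name__ == "__main__":
    for mode, (behind_nat, no_nat) in demo().items():
        print(f"nat_traversal {mode}: NAT path={behind_nat}, direct path={no_nat}")
```

Detection only decides whether UDP encapsulation is negotiated; as the reply above says, the kernel must also support NAT-T for the encapsulated ESP traffic to flow.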
