 From:  Scott Ullrich <sullrich at gmail dot com>
 To:  Richard Adams <podilarius at yahoo dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] m0n0wall, racoon and NAT Transversal
 Date:  Thu, 13 Oct 2005 13:55:03 -0400
Wow. Good find! I will check this out and report back my findings.

Scott


On 10/13/05, Richard Adams <podilarius at yahoo dot com> wrote:
> I found this in the ipsec-tools cvs. Apparently this will "patch" files so
> that you can add nat-t kernel support for FreeBSD. I hope this helps.
>
> http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/freebsd_nat-t.diff?rev=1.4&sortby=date&view=log
>
> Scott Ullrich <sullrich at gmail dot com> wrote:
> On 10/13/05, Richard Adams wrote:
> >
> > I don't know if you guys did this by design, but I was searching for
> > racoon and found that it can do NAT Traversal. This is a compile time
> > option and can be found in the racoon.conf once it is compiled in. Here is
> > the excerpt from the racoon.conf man page.
> >
> >      nat_traversal (on | off | force);
> >          This directive enables use of the NAT-Traversal IPsec
> >          extension (NAT-T). NAT-T allows one or both peers to
> >          reside behind a NAT gateway (i.e., doing address- or
> >          port-translation). Presence of NAT gateways along the
> >          path is discovered during phase 1 handshake and if found,
> >          NAT-T is negotiated. When NAT-T is in charge, all ESP
> >          and AH packets of a given connection are encapsulated
> >          into UDP datagrams (port 4500, by default). Possible
> >          values are:
> >
> >          on      NAT-T is used when a NAT gateway is detected
> >                  between the peers.
> >          off     NAT-T is not proposed/accepted. This is the
> >                  default.
> >          force   NAT-T is used regardless if a NAT is detected
> >                  between the peers or not.
> >
> >          Please note that NAT-T support is a compile-time option.
> >          Although it is enabled in the source distribution by
> >          default, it may not be available in your particular
> >          build. In that case you will get a warning when using
> >          any NAT-T related config options.
> >
> > This is all that is missing for me to use m0n0wall. It is a REALLY cool
> product.
>
> The kernel also needs to support NAT-T. NetBSD currently has this
> support but FreeBSD 4-6 does not. Until someone ports the NAT-T bits
> from NetBSD this will not be doable on FreeBSD/m0n0wall.
>
> Scott
>
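To show where the directive from the man page excerpt actually lives, here is a minimal racoon.conf fragment with NAT-T turned on. It is an added example for this archive page, not configuration from the thread or from m0n0wall; the public address, key path and algorithm choices are placeholders, and as Scott notes above the kernel must also support NAT-T or racoon will only warn.

```conf
# Added example (not from the thread): ipsec-tools racoon.conf with NAT-T.
# 203.0.113.1 is a placeholder for the gateway's public address.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

listen {
    # Normal IKE on UDP/500 ...
    isakmp 203.0.113.1 [500];
    # ... plus the NAT-T socket on UDP/4500, where IKE and the
    # UDP-encapsulated ESP traffic arrive once NAT-T is negotiated.
    # Both ports must also be allowed through the firewall.
    isakmp_natt 203.0.113.1 [4500];
}

remote anonymous {
    exchange_mode main;
    # "on" proposes NAT-T only when a NAT is detected in phase 1;
    # "force" would encapsulate unconditionally, "off" is the default.
    nat_traversal on;
    proposal_check obey;
    generate_policy on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group modp1024;
}
```

If racoon was built without NAT-T, the nat_traversal and isakmp_natt lines produce the warning the man page describes rather than a working tunnel.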