 From:  Richard Adams <podilarius at yahoo dot com>
 To:  Scott Ullrich <sullrich at gmail dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] m0n0wall, racoon and NAT Transversal
 Date:  Wed, 9 Nov 2005 09:45:27 -0800 (PST)
If you can create a CD image relatively easily, I can test for you.
Let me know.
Thanks,
Richard.

Scott Ullrich <sullrich at gmail dot com> wrote: 
The patch seems to apply just fine to RELENG_6 but I honestly have not
had a chance to test it. Somewhat time strapped for the next month.

Scott


On 11/9/05, Richard Adams wrote:
> Just a bump to see how things are going.
>
> Scott Ullrich wrote:
> Wow. Good find! I will check this out and report back my findings.
>
> Scott
>
>
> On 10/13/05, Richard Adams wrote:
> > I found this in the ipsec-tools cvs. Apparently this will "patch" files so
> > that you can add nat-t kernel support for FreeBSD. I hope this helps.
> >
> > http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/freebsd_nat-t.diff?rev=1.4&sortby=date&view=log
> >
> > Scott Ullrich wrote:
> > On 10/13/05, Richard Adams wrote:
> > >
> > > I don't know if you guys did this by design, but I was searching for
> > > racoon and found that it can do NAT Traversal. This is a compile time
> > > option and can be found in the racoon.conf once it is compiled in. Here is
> > > the excerpt from the racoon.conf man page.
> > >
> > >
> > > nat_traversal (on | off | force);
> > >     This directive enables use of the NAT-Traversal IPsec
> > >     extension (NAT-T). NAT-T allows one or both peers to
> > >     reside behind a NAT gateway (i.e., doing address- or
> > >     port-translation). Presence of NAT gateways along the
> > >     path is discovered during phase 1 handshake and if found,
> > >     NAT-T is negotiated. When NAT-T is in charge, all ESP
> > >     and AH packets of a given connection are encapsulated
> > >     into UDP datagrams (port 4500, by default). Possible
> > >     values are:
> > >
> > >     on      NAT-T is used when a NAT gateway is detected
> > >             between the peers.
> > >     off     NAT-T is not proposed/accepted. This is the
> > >             default.
> > >     force   NAT-T is used regardless if a NAT is detected
> > >             between the peers or not.
> > >
> > >     Please note that NAT-T support is a compile-time option.
> > >     Although it is enabled in the source distribution by
> > >     default, it may not be available in your particular
> > >     build. In that case you will get a warning when using
> > >     any NAT-T related config options.
> > >
> > >
> > > This is all that is missing for me to use m0n0wall. It is a REALLY cool
> > > product.
> >
> > The kernel also needs to support NAT-T. NetBSD currently has this
> > support but FreeBSD 4-6 does not. Until someone ports the NAT-T bits
> > from NetBSD this will not be doable on FreeBSD/m0n0wall.
> >
> > Scott