[nycbug-talk] road-warrior IPsec setup: looking for references

Chris Buechler cbuechler
Mon Aug 29 11:35:51 EDT 2005


On 8/27/05, Tillman Hodgson <tillman at seekingfire.com> wrote:
<snip>
> * road warriors may be behind NATing firewalls
<snip>

That's the killer right there - FreeBSD does *not* support NAT-T at
this point, so IPsec isn't a viable option for most road warrior type
deployments.  It will not work when the client is behind NAT.

NetBSD does support NAT-T with ipsec-tools, though I can't say I've tried it.  

NAT-T kernel support is still missing at this point from FreeBSD (at
least in 6.0 and earlier as of now, not sure of any plans or timelines
to include it).

As for configuration, there are a couple of FreeBSD-based firewall
projects that have a GUI front end for IPsec; you could just grab the
resultant .conf files to use on a regular FreeBSD box.
http://pfsense.org - ipsec-tools on FreeBSD 6.0
http://m0n0.ch/wall/ - old racoon on FreeBSD 4.11

cheers,
-Chris
