[nycbug-talk] road-warrior IPsec setup: looking for references

Josh McCormack joshmccormack
Wed Aug 31 00:12:38 EDT 2005


OpenBSD has supported it since 3.6 apparently: "Turn isakmpd(8) NAT-T 
support on. The crowd goes wild." - http://www.openbsd.org/plus36.html

Using OpenVPN negates the need, too.

Josh

Chris Buechler wrote:

> On 8/27/05, Tillman Hodgson <tillman at seekingfire.com> wrote:
> <snip>
> 
>>* road warriors may be behind NATing firewalls
> 
> <snip>
> 
> That's the killer right there - FreeBSD does *not* support NAT-T at
> this point, so IPsec isn't a viable option for most road warrior type
> deployments.  It will not work when the client is behind NAT.
> 
> NetBSD does support NAT-T with ipsec-tools, though I can't say I've tried it.  
> 
> NAT-T kernel support is still missing at this point from FreeBSD (at
> least in 6.0 and earlier as of now, not sure of any plans or timelines
> to include it).
> 
> As for configuration, there are a couple of FreeBSD-based firewall
> projects that have a GUI front end for IPsec, you could just grab the
> resultant .conf files to use on a regular FreeBSD box.
> http://pfsense.org - ipsec-tools on FreeBSD 6.0
> http://m0n0.ch/wall/ - old racoon on FreeBSD 4.11
> 
> cheers,
> -Chris