Subject: [HEADS-UP] IPsec NAT Traversal fixes
To: None <current-users@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: current-users
Date: 04/23/2005 16:22:24

Hi

I committed fixes to the IPSEC_NAT_T kernel option. Before the fixes, we
were not able to handle properly the situation where multiple peers
were hidden behind the same NAT. This is now fixed.

Some support is also required in racoon to have the whole thing working.
The appropriate fixes have been committed in ipsec-tools CVS but have
not been imported in NetBSD yet. Check out HEAD of ipsec-tools if you
want to give it a try, or wait for me to import it to NetBSD.  

There is a possible regression with this kernel change: I'm not 100% sure
that racoon is still able to work in any situation when *not* using
NAT-T. Please test it and report any problem to me.

I'll now work on NAT-T for FAST_IPSEC. Why do we have two IPsec
implementations, BTW?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org