Subject: Re: IPsec question
To: Dan McMahill <mcmahill@mtl.mit.edu>
From: Jukka Marin <jmarin@embedtronics.fi>
List: netbsd-users
Date: 08/14/2003 08:58:16
On Wed, Aug 13, 2003 at 09:57:56PM -0400, Dan McMahill wrote:
> I have what I think is probably a simple IPsec question.
> When linksys and other similar vendors say their little hardware
> firewalls support "IPsec passthru" what exactly do they mean and how
> do I get the same thing out of a netbsd+ipf based firewall?

I think you need to pass ESP protocol in both directions as well as
UDP protocol to and from port 500 (for IKE).

I don't know if NetBSD's NAT supports IPsec (IKE)..

> If I understand it correctly this just would say let the IPSEC packets
> through?  Or do I even need an IPSEC kernel to do "passthru"?

I don't think you need an IPsec kernel at all.

  -jm
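
The filter rules suggested in the reply above, written out as an ipf.conf fragment. This is an added example, not part of the original message: the interface name `ext0` and the peer address `192.0.2.10` are constructed placeholders, and the rules cover packet filtering only, not NAT translation.

```conf
# ipf.conf fragment (added example; ext0 and 192.0.2.10 are placeholders)
# ext0       = outside interface of the NetBSD firewall (assumption)
# 192.0.2.10 = remote IPsec gateway the inside host talks to (assumption)

# ESP (IP protocol 50) in both directions, limited to the known peer
pass out quick on ext0 proto esp from any to 192.0.2.10
pass in  quick on ext0 proto esp from 192.0.2.10 to any

# IKE: UDP to and from port 500 on the peer.
# The local source port is left open because NAT may rewrite it.
pass out quick on ext0 proto udp from any to 192.0.2.10 port = 500
pass in  quick on ext0 proto udp from 192.0.2.10 port = 500 to any
```

Naming the peer address instead of using `from any to any` keeps the passthrough from opening ESP and IKE to every host on the outside.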