On 9/28/06, Matthew Grooms <[EMAIL PROTECTED]> wrote:
All,
I had recently been contacted by a user that was attempting to use my
free 2K/XP IPSEC client with pfsense. The racoon key daemon was tripping
up over a modecfg exchange that wasn't supported by the version of
ipsec-tools installed. My reference gateway platform is FreeBSD so I
think he assumed that most options supported by ipsec-tools and FreeBSD
would be available in pfsense. I wasn't sure, so I thought I would post
a question to the list.
I think we pretty much support everything that FreeBSD 6.1 supports.
It'd be interesting to know what mode(s) were being requested that we
don't allow though.
What IPSEC features does pfsense support via its web config interface
and are there plans to support the more advanced IPSEC client access
feature of racoon? The ipsec-tools project is about to branch for a 0.7
release which contains a lot of new stuff. Mostly, the changes are
related to dynamic client configuration and enhanced user authentication
support. There is also an updated NAT Traversal patch available for
FreeBSD that works with FAST_IPSEC as well as the KAME IPSEC stack.
Yep, Scott has been somewhat involved in recent threads regarding
NAT-T. We don't currently support it and it's yet to be determined if
that patch will make it into our 1.0 release as we had some reports of
IPSEC issues after applying the patch (which may or may not have been
related to the patch unfortunately).
--Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
