George V. Neville-Neil wrote:
At Thu, 26 Jun 2008 12:56:41 -0700,
julian wrote:
I'm planning on committing it unless someone can provide a reason not to, as I've seen it working, needed it, and have not seen any bad byproducts.


I'd be interested to know how you tested it.  NAT-T and IPsec are
non-trivial protocols/subsystems that can have far reaching impacts on
the network stack.  Also, are you planning to maintain it after
committing it?  The biggest problem with NAT-T hasn't been the code,
it's been that the author, who is doing a great job on the code, has
been too busy to maintain it anywhere but at work.  That is not a slam
on the person or the code, I have the highest respect for both, but it
reflects an important reality of the situation.  Unless you're
stepping up to maintain it as well as commit it I think it should not
be committed.  I know Bjoern has been working hard to pick up the
IPsec stuff in his free time, and I value his input on this subject
quite a bit.

Best,
George


NAT-T is needed for IPsec to work correctly with a bunch of VPN servers such as the Cisco VPN server.
It's been seen by dozens of people to do exactly that.
It's added to every single pfsense and m0n0wall router out there.

Code inspection also shows that it shouldn't compromise non-NAT-T
sessions.

So,
It allows one to do things that many people need.
It doesn't screw up existing applications (that I've ever heard of).
The author is responsive and shows dedication.





_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net