From owner-freebsd-net@FreeBSD.ORG Mon Sep 18 16:21:15 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A39A16A40F for ; Mon, 18 Sep 2006 16:21:15 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17DFF43D46 for ; Mon, 18 Sep 2006 16:21:02 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so400147uge for ; Mon, 18 Sep 2006 09:21:01 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Bx1q6tCVeHxUvII3qc+KgxqILghh2YbQi/7xRcaqnPpbwV+kBeLUGFc7Klw+YSjPLj9jCN606r+zP+mW/jHfPzjIEKpyeWdW2VC0iCVsLMIe/gXv/DqiRu6SabVwWTcoGd/e5rQTEssBQirSHoEiUoPs4L+9eM82IGnD5cbuh4Y= Received: by 10.67.89.5 with SMTP id r5mr7326723ugl; Mon, 18 Sep 2006 09:21:01 -0700 (PDT) Received: by 10.67.105.8 with HTTP; Mon, 18 Sep 2006 09:20:59 -0700 (PDT) Message-ID: Date: Mon, 18 Sep 2006 12:20:59 -0400 From: "Scott Ullrich" To: "VANHULLEBUS Yvan" In-Reply-To: <20060918155235.GA26545@zen.inc> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20060914093034.A83805@gta.com> <20060915091430.A45488@gta.com> <20060917125531.GA1611@jayce.zen.inc> <20060918145200.GA26025@zen.inc> <20060918145727.F2478@maildrop.int.zabbadoz.net> <20060918155235.GA26545@zen.inc> Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2006 16:21:15 -0000 On 9/18/06, VANHULLEBUS Yvan wrote: > By default, I have set the value of port's configuration to "kernel", > which is exactly "use it if supported". > > I just checked ./configure --enable-natt=yes (which forces NAT-T > support) on a FreeBSD 6.1 without NAT-T patchset, and I got that: > > checking kernel NAT-Traversal support... checking for struct > sadb_x_nat_t_type.sadb_x_nat_t_type_len... no > no > checking whether to support NAT-T... yes > configure: error: NAT-T requested, but no kernel support! Aborting. > > > If I start again with just --enable-natt, I get the same. > > if I use --enable-natt=kernel, I'll have: > > checking kernel NAT-Traversal support... checking for struct > sadb_x_nat_t_type.sadb_x_nat_t_type_len... no > no > checking whether to support NAT-T... no > checking which NAT-T versions to support... none > [etc....] > > > If you are able to reproduce that problem, please send me at least the > output of configure, and, if possible, the corresponding part of > config.log ! Hello, here is what I attempted: 1. Reinstalled kernel with NAT-T support 2. cd /usr/ports/security/ipsec-tools && make rmconfig && make install * Selected NAT-T support The portions of configure that mentions NAT-T: builder# make | grep NAT-T ===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality! checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no checking whether to support NAT-T... no checking which NAT-T versions to support... none And finally the config.log file (rather long so I posted to my home directory): http://www.pfsense.com/~sullrich/logs/ipsec-tools/config.log Thanks for all your help! Scott