From owner-freebsd-net@FreeBSD.ORG Mon Sep 18 17:45:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 451FC16A403 for ; Mon, 18 Sep 2006 17:45:22 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 447C443D7B for ; Mon, 18 Sep 2006 17:45:12 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id E3A601FFDD8; Mon, 18 Sep 2006 19:45:10 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id F3F991FFDD6; Mon, 18 Sep 2006 19:45:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 6171D444871; Mon, 18 Sep 2006 17:41:40 +0000 (UTC) Date: Mon, 18 Sep 2006 17:41:40 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: VANHULLEBUS Yvan In-Reply-To: <20060918155235.GA26545@zen.inc> Message-ID: <20060918174035.N2478@maildrop.int.zabbadoz.net> References: <20060914093034.A83805@gta.com> <20060915091430.A45488@gta.com> <20060917125531.GA1611@jayce.zen.inc> <20060918145200.GA26025@zen.inc> <20060918145727.F2478@maildrop.int.zabbadoz.net> <20060918155235.GA26545@zen.inc> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2006 17:45:22 -0000 On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote: > On Mon, Sep 18, 2006 at 03:04:04PM +0000, Bjoern A. Zeeb wrote: >> On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote: >> >>> By default in FreeBSd's port, NAT-T support is enabled if support is >>> detected on the system (checks for some structs in >>> include/net/pfkeyv2.h). >>> >>> Can you compile again ipsec-tools port, but not clean it, and check in >>> config.h if you have NAT-T support enabled. >> >> What I had found in the past is that the port (more exactly >> ipsec-tools) does not complain if configure is run with >> --enable-natt but the correct header files are no there. It silently >> continues and just disables natt support. >> That beahvior would be fine for "autodetect" but not for a command >> line option that says "I want natt support and you give me". > > By default, I have set the value of port's configuration to "kernel", > which is exactly "use it if supported". could you change that in the port to "yes" then. If NATT is enabled the build must fail else the choice in make config does not make any sense - does it? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT