Date: Sun, 17 Sep 2006 14:55:31 +0200 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support Message-ID: <20060917125531.GA1611@jayce.zen.inc> In-Reply-To: <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com> References: <20060914093034.A83805@gta.com> <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> <20060915091430.A45488@gta.com> <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 15, 2006 at 12:07:58PM -0400, Scott Ullrich wrote: [....] > Next problem that I have encountered (with FAST_IPSEC) is: > > # /sbin/setkey -D > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > > Let me know if I can do any further testing, still waiting for status > reports from a few of the pfSense users, but IPSEC seems to work okay > even with this small cosmetic setkey issue. Make sure your ipsec-tools port have been recompiled after your system has been patched / compiled / upgraded, and use /usr/local/sbin/setkey. FreeBSD's setkey does not (yet ?) support NAT-T extensions at all. Yvan. -- NETASQ http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060917125531.GA1611>