From owner-freebsd-net@FreeBSD.ORG  Sun Sep 17 15:58:20 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C6D4D16A416
	for <freebsd-net@freebsd.org>; Sun, 17 Sep 2006 15:58:20 +0000 (UTC)
	(envelope-from sullrich@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E2F5843D5D
	for <freebsd-net@freebsd.org>; Sun, 17 Sep 2006 15:58:19 +0000 (GMT)
	(envelope-from sullrich@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so320850uge
	for <freebsd-net@freebsd.org>; Sun, 17 Sep 2006 08:58:18 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=K17sfXQtSkZKNF81hRIcvt8W42nhfSxajAsQ/KOpfLA9CL13krxKf1MO5F3OkOCTfdAykqkbJriSmVSAZUxzQxE+N53KLSFs8udbElTxuqwdOKBI1e/FmMjpoZup4SzKflRcCFRfz4yHXyhLnjMgQe0LaHJ725Dif4ggkpN2c9g=
Received: by 10.67.97.7 with SMTP id z7mr6666752ugl;
	Sun, 17 Sep 2006 08:58:18 -0700 (PDT)
Received: by 10.67.105.8 with HTTP; Sun, 17 Sep 2006 08:58:17 -0700 (PDT)
Message-ID: <d5992baf0609170858y107897c9k3039dbcb3d61d39a@mail.gmail.com>
Date: Sun, 17 Sep 2006 11:58:17 -0400
From: "Scott Ullrich" <sullrich@gmail.com>
To: "VANHULLEBUS Yvan" <vanhu_bsd@zeninc.net>
In-Reply-To: <20060917125531.GA1611@jayce.zen.inc>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060914093034.A83805@gta.com>
	<d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com>
	<20060915091430.A45488@gta.com>
	<d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>
	<20060917125531.GA1611@jayce.zen.inc>
Cc: freebsd-net@freebsd.org
Subject: Re: FAST_IPSEC NAT-T support
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Sep 2006 15:58:20 -0000

On 9/17/06, VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote:
> Make sure your ipsec-tools port have been recompiled after your system
> has been patched / compiled / upgraded, and use
> /usr/local/sbin/setkey.
>
> FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.

I tried both /sbin/setkey and /usr/locals/bin/setkey and both result
in the same Invalid extension type errors.

builder# ls -la /sbin/setkey
-r-xr-xr-x  1 root  wheel  56456 Jun 16 03:49 /sbin/setkey
builder# ls -la /usr/local/sbin/setkey
-r-xr-xr-x  1 root  wheel  86472 Sep 17 15:54 /usr/local/sbin/setkey

# /sbin/setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type

# /usr/local/sbin/setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type

Can you think of anything else to try?  I re-compiled ipsec-tools on
the same host before  sending this.

Thanks!