Date: Thu, 31 May 2007 21:12:09 +0200
From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To: freebsd-net@freebsd.org
Subject: Re: Applying NAT-T patch
Message-ID: <20070531191209.GB1627@jayce.zen.inc>
In-Reply-To: <200705310937.l4V9bUm4014708@hole.shrew.net>
References: <200705310924.l4V9Oc33014634@hole.shrew.net> <200705310937.l4V9bUm4014708@hole.shrew.net>
On Thu, May 31, 2007 at 09:37:30AM +0000, Matthew Grooms wrote:
[....]
> >The rest of the patch is ok and will be included today.
> >
>
> Does that mean that only a single issue mentioned by Bjoern has not been
> addressed in the latest version of the patch set?

I integrated Bjoern's patch to my own compile when he sent it, but, I
don't understand how, I didn't report his patch to the official NAT-T
patch (where I was sure I did it).

I just sent another mail in this thread to confirm that the patch is
up to date now.

> What about the setkey program? Does it need to be patched to read
> security associations that use natt extensions? Perhaps the ipsec tools
> version can be imported to replace the stock freebsd version?

That is another quite old discussion.

ipsec-tools's setkey changed quite a lot from system's one, and
actually, using the NAT-T patch means "forget system's setkey for at
least some features".

System's setkey will work as it worked before as soon as it has been
recompiled (needed as some PFkey structs size changed), but won't dump
NAT-T related information.

To have such information, you'll have to use ipsec-tools's setkey.

> I really hope this makes into head before the 7 branch.

Looks like we were all waiting for each other, but it should be
better now.

Yvan.

--
NETASQ
http://www.netasq.com