Date: Tue, 20 Jun 2006 17:30:06 +0200 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: Michael Vince <mv@thebeastie.org> Cc: net@freebsd.org Subject: Re: FAST_IPSEC and NAT-T Message-ID: <20060620153006.GA30732@zen.inc> In-Reply-To: <44981231.4060001@thebeastie.org> References: <4497F777.4040206@thebeastie.org> <20060620135939.GB28424@zen.inc> <44981231.4060001@thebeastie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 21, 2006 at 01:20:17AM +1000, Michael Vince wrote: [NAT-T patch] > OK cool, the thing that really turns my off about that IPSec is when I > reboot with it compiled in says "Expect reduced performance" because its > not mpsafe. > > Also I just tried to compile a kernel with that Nat-T patch on the other > IPSEC kernel on 6.1-release and it failed. > I can't think of anything I have done wrong on this machine its pretty > fresh, I did cvsup with "RELENG_6_1" before hand > maybe there is a tiny enough about of changes since the RELENG_6_1_0 > release for it to fail but I didn't notice anything serious changed, I > also used the new pure C csup over cvsup client. > > The patch installed fine with no errors but the kernel failed to compile > ending with this.. > > /usr/src/sys/netinet/udp_usrreq.c:1046: warning: 'udp4_espinudp' defined > but not used You are compiling without NAT-T support, and this function is not properly #ifdef'ed in the public version of the patch. It has been fixed in the new (not yet available) version, which also provide new features (mainly support for multiple peers behind the same public IP). As ipsec-tools 0.6.6 is out now, I'll update the patch on ipsec-tools website. [....] > options IPSEC > options IPSEC_ESP > options IPSEC_DEBUG Add "options IPSEC_NAT_T" here and it will compile. Yvan. -- NETASQ http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060620153006.GA30732>