From owner-freebsd-net@FreeBSD.ORG  Fri Sep 15 16:08:01 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2947916A403
	for <freebsd-net@freebsd.org>; Fri, 15 Sep 2006 16:08:01 +0000 (UTC)
	(envelope-from sullrich@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.175])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3892343D45
	for <freebsd-net@freebsd.org>; Fri, 15 Sep 2006 16:08:00 +0000 (GMT)
	(envelope-from sullrich@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so198949uge
	for <freebsd-net@freebsd.org>; Fri, 15 Sep 2006 09:07:59 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=pqdzMWL9lHxK09ZKVYaEqGuoT4X8YqeavRtwy2ODDGGJhQO5IGSOBYn/qQLC5UZC1EOW7Tojqyn1s42kkMtyLkJ5QJyWTs8DvT55w8F8zlwW6bJcZKQDwczs27kI0ICepuJwuY9fNuJ9QoH1z20mDyln75sJUh40L7JUsTpkc7w=
Received: by 10.67.119.5 with SMTP id w5mr5468571ugm;
	Fri, 15 Sep 2006 09:07:58 -0700 (PDT)
Received: by 10.67.105.8 with HTTP; Fri, 15 Sep 2006 09:07:58 -0700 (PDT)
Message-ID: <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>
Date: Fri, 15 Sep 2006 12:07:58 -0400
From: "Scott Ullrich" <sullrich@gmail.com>
To: "Larry Baird" <lab@gta.com>
In-Reply-To: <20060915091430.A45488@gta.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060914093034.A83805@gta.com>
	<d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com>
	<20060915091430.A45488@gta.com>
Cc: freebsd-net@freebsd.org
Subject: Re: FAST_IPSEC NAT-T support
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2006 16:08:01 -0000

On 9/15/06, Larry Baird <lab@gta.com> wrote:
> On Thu, Sep 14, 2006 at 09:43:38PM -0400, Scott Ullrich wrote:
> > On 9/14/06, Larry Baird <lab@gta.com> wrote:
> > > Please find attached two patches for adding FAST_IPSEC NAT-T support to
> > > FreeBSD 6.x.  The patch "freebsd6-fastipsec-natt.diff" is dependent
> > > upon Yvan's IPSEC NAT-T patch "freebsd6-natt.diff" which can be found at
> > > http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/.  The second
> > > patch "freebsd6-ipsec-fastipsec-natt.diff" is a cumulative patch
> > > combining both patches together.

Great, thanks!

Next problem that I have encountered (with FAST_IPSEC) is:

# /sbin/setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type

Let me know if I can do any further testing, still waiting for status
reports from a few of the pfSense users, but IPSEC seems to work okay
even with this small cosmetic setkey issue.

Scott