From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Date: Mon, 18 Sep 2006 17:52:35 +0200
Subject: Re: FAST_IPSEC NAT-T support
Message-ID: <20060918155235.GA26545@zen.inc>
In-Reply-To: <20060918145727.F2478@maildrop.int.zabbadoz.net>

On Mon, Sep 18, 2006 at 03:04:04PM +0000, Bjoern A. Zeeb wrote:
> On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:
>
> >By default in FreeBSD's port, NAT-T support is enabled if support is
> >detected on the system (checks for some structs in
> >include/net/pfkeyv2.h).
> >
> >Can you compile again ipsec-tools port, but not clean it, and check in
> >config.h if you have NAT-T support enabled.
>
> What I had found in the past is that the port (more exactly
> ipsec-tools) does not complain if configure is run with
> --enable-natt but the correct header files are not there. It silently
> continues and just disables natt support.
> That behavior would be fine for "autodetect" but not for a command
> line option that says "I want natt support and you give me".

By default, I have set the value of port's configuration to "kernel",
which is exactly "use it if supported".

I just checked ./configure --enable-natt=yes (which forces NAT-T
support) on a FreeBSD 6.1 without NAT-T patchset, and I got that:

    checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
    no
    checking whether to support NAT-T... yes
    configure: error: NAT-T requested, but no kernel support! Aborting.

If I start again with just --enable-natt, I get the same.

If I use --enable-natt=kernel, I'll have:

    checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
    no
    checking whether to support NAT-T... no
    checking which NAT-T versions to support... none
    [etc....]

If you are able to reproduce that problem, please send me at least the
output of configure, and, if possible, the corresponding part of
config.log!

Yvan.

-- 
NETASQ
http://www.netasq.com
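
An added example, not part of the original message or of the ipsec-tools port: a shell check that classifies a saved configure output by the two modes discussed above, and flags the case raised in the quoted reply, where NAT-T was forced but configure ended without it and without an error. The function names, status words and sample logs are constructed for illustration; the matched strings are the configure lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the ipsec-tools port): classify how a configure
# run handled NAT-T, using only the output lines quoted in the message.

# natt_status MODE LOGFILE
#   MODE is the value passed to --enable-natt: "yes" (forced) or "kernel"
#   (use it if supported). Prints one status word.
natt_status() {
    mode=$1
    log=$2
    # A forced request without kernel support must abort configure.
    if grep -q 'configure: error: NAT-T requested, but no kernel support' "$log"; then
        echo aborted
        return 0
    fi
    # Otherwise take configure's final decision line.
    decision=$(sed -n 's/^checking whether to support NAT-T\.\.\. \([a-z]*\)$/\1/p' "$log" | tail -n 1)
    case "$mode:$decision" in
        yes:yes|kernel:yes) echo enabled ;;
        kernel:no)          echo autodetect-off ;;    # expected without the patchset
        yes:no)             echo silent-downgrade ;;  # requested, dropped, no error
        *)                  echo unknown ;;
    esac
}

# write_samples DIR: constructed logs modelled on the quoted output.
write_samples() {
    probe='checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no'
    printf '%s\nno\n%s\n%s\n' "$probe" \
        'checking whether to support NAT-T... yes' \
        'configure: error: NAT-T requested, but no kernel support! Aborting.' > "$1/forced.log"
    printf '%s\nno\n%s\n%s\n' "$probe" \
        'checking whether to support NAT-T... no' \
        'checking which NAT-T versions to support... none' > "$1/kernel.log"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
natt_status yes    "$demo_dir/forced.log"   # forced, no kernel support
natt_status kernel "$demo_dir/kernel.log"   # autodetect, no kernel support
natt_status yes    "$demo_dir/kernel.log"   # same log, but NAT-T had been forced
rm -rf "$demo_dir"
```

The third call reads the same log as the second but with the mode set to "yes", which is the situation the quoted reply describes: the output alone looks normal, and only the comparison against what was requested shows that NAT-T was dropped.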