Date: Mon, 18 Sep 2006 16:52:00 +0200
From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To: freebsd-net@freebsd.org
Subject: Re: FAST_IPSEC NAT-T support
Message-ID: <20060918145200.GA26025@zen.inc>
In-Reply-To: <d5992baf0609170858y107897c9k3039dbcb3d61d39a@mail.gmail.com>
References: <20060914093034.A83805@gta.com>
 <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com>
 <20060915091430.A45488@gta.com>
 <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>
 <20060917125531.GA1611@jayce.zen.inc>
 <d5992baf0609170858y107897c9k3039dbcb3d61d39a@mail.gmail.com>

On Sun, Sep 17, 2006 at 11:58:17AM -0400, Scott Ullrich wrote:
> On 9/17/06, VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote:
> >Make sure your ipsec-tools port has been recompiled after your system
> >has been patched / compiled / upgraded, and use
> >/usr/local/sbin/setkey.
> >
> >FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.
>
> I tried both /sbin/setkey and /usr/locals/bin/setkey and both result
> in the same Invalid extension type errors. Strange....

[....]
> # /usr/local/sbin/setkey -D
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
>
> Can you think of anything else to try? I re-compiled ipsec-tools on
> the same host before sending this.

That really looks like ipsec-tools has been compiled without NAT-T
support.

By default in FreeBSD's port, NAT-T support is enabled if support is
detected on the system (checks for some structs in
include/net/pfkeyv2.h).

Can you compile the ipsec-tools port again, but not clean it, and check
in config.h if you have NAT-T support enabled?


Yvan.

-- 
NETASQ
http://www.netasq.com