Date: Mon, 18 Sep 2006 17:52:35 +0200 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support Message-ID: <20060918155235.GA26545@zen.inc> In-Reply-To: <20060918145727.F2478@maildrop.int.zabbadoz.net> References: <20060914093034.A83805@gta.com> <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> <20060915091430.A45488@gta.com> <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com> <20060917125531.GA1611@jayce.zen.inc> <d5992baf0609170858y107897c9k3039dbcb3d61d39a@mail.gmail.com> <20060918145200.GA26025@zen.inc> <20060918145727.F2478@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 18, 2006 at 03:04:04PM +0000, Bjoern A. Zeeb wrote: > On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote: > > >By default in FreeBSd's port, NAT-T support is enabled if support is > >detected on the system (checks for some structs in > >include/net/pfkeyv2.h). > > > >Can you compile again ipsec-tools port, but not clean it, and check in > >config.h if you have NAT-T support enabled. > > What I had found in the past is that the port (more exactly > ipsec-tools) does not complain if configure is run with > --enable-natt but the correct header files are no there. It silently > continues and just disables natt support. > That beahvior would be fine for "autodetect" but not for a command > line option that says "I want natt support and you give me". By default, I have set the value of port's configuration to "kernel", which is exactly "use it if supported". I just checked ./configure --enable-natt=yes (which forces NAT-T support) on a FreeBSD 6.1 without NAT-T patchset, and I got that: checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no no checking whether to support NAT-T... yes configure: error: NAT-T requested, but no kernel support! Aborting. If I start again with just --enable-natt, I get the same. if I use --enable-natt=kernel, I'll have: checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no no checking whether to support NAT-T... no checking which NAT-T versions to support... none [etc....] If you are able to reproduce that problem, please send me at least the output of configure, and, if possible, the corresponding part of config.log ! Yvan. -- NETASQ http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060918155235.GA26545>