Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 18 Sep 2006 12:20:59 -0400
From:      "Scott Ullrich" <sullrich@gmail.com>
To:        "VANHULLEBUS Yvan" <vanhu_bsd@zeninc.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FAST_IPSEC NAT-T support
Message-ID:  <d5992baf0609180920p2bb8e064l6d3cd25a6b21cd64@mail.gmail.com>
In-Reply-To: <20060918155235.GA26545@zen.inc>
References:  <20060914093034.A83805@gta.com> <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> <20060915091430.A45488@gta.com> <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com> <20060917125531.GA1611@jayce.zen.inc> <d5992baf0609170858y107897c9k3039dbcb3d61d39a@mail.gmail.com> <20060918145200.GA26025@zen.inc> <20060918145727.F2478@maildrop.int.zabbadoz.net> <20060918155235.GA26545@zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 9/18/06, VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote:
> By default, I have set the value of port's configuration to "kernel",
> which is exactly "use it if supported".
>
> I just checked ./configure --enable-natt=yes (which forces NAT-T
> support) on a FreeBSD 6.1 without NAT-T patchset, and I got that:
>
> checking kernel NAT-Traversal support... checking for struct
> sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
> no
> checking whether to support NAT-T... yes
> configure: error: NAT-T requested, but no kernel support! Aborting.
>
>
> If I start again with just --enable-natt, I get the same.
>
> if I use --enable-natt=kernel, I'll have:
>
> checking kernel NAT-Traversal support... checking for struct
> sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
> no
> checking whether to support NAT-T... no
> checking which NAT-T versions to support... none
> [etc....]
>
>
> If you are able to reproduce that problem, please send me at least the
> output of configure, and, if possible, the corresponding part of
> config.log !

Hello, here is what I attempted:

1. Reinstalled kernel with NAT-T support
2. cd /usr/ports/security/ipsec-tools && make rmconfig && make install
    * Selected NAT-T support

The portions of configure that mentions NAT-T:

builder# make | grep NAT-T
===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!
checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
checking whether to support NAT-T... no
checking which NAT-T versions to support... none

And finally the config.log file (rather long so I posted to my home directory):

http://www.pfsense.com/~sullrich/logs/ipsec-tools/config.log

Thanks for all your help!

Scott

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d5992baf0609180920p2bb8e064l6d3cd25a6b21cd64>