Date:      Fri, 15 Sep 2006 16:52:46 -0400
From:      Larry Baird <lab@gta.com>
To:        Scott Ullrich <sullrich@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FAST_IPSEC NAT-T support
Message-ID:  <20060915165246.A92818@gta.com>
In-Reply-To: <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>; from sullrich@gmail.com on Fri, Sep 15, 2006 at 12:07:58PM -0400
References:  <20060914093034.A83805@gta.com> <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> <20060915091430.A45488@gta.com> <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com>

On Fri, Sep 15, 2006 at 12:07:58PM -0400, Scott Ullrich wrote:
> On 9/15/06, Larry Baird <lab@gta.com> wrote:
> > On Thu, Sep 14, 2006 at 09:43:38PM -0400, Scott Ullrich wrote:
> > > On 9/14/06, Larry Baird <lab@gta.com> wrote:
> > > > Please find attached two patches for adding FAST_IPSEC NAT-T support to
> > > > FreeBSD 6.x.  The patch "freebsd6-fastipsec-natt.diff" is dependent
> > > > upon Yvan's IPSEC NAT-T patch "freebsd6-natt.diff" which can be found at
> > > > http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/.  The second
> > > > patch "freebsd6-ipsec-fastipsec-natt.diff" is a cumulative patch
> > > > combining both patches together.
> 
> Great, thanks!
> 
> Next problem that I have encountered (with FAST_IPSEC) is:
> 
> # /sbin/setkey -D
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> 
> Let me know if I can do any further testing, still waiting for status
> reports from a few of the pfSense users, but IPSEC seems to work okay
> even with this small cosmetic setkey issue.
Just to be sure I understand the issue.  You have a kernel built
with the FAST_IPSEC NAT-T patches but without the IPSEC_NAT_T option.
Your VPNs work but you are unable to dump your SAD entries.

Larry


-- 
------------------------------------------------------------------------
Larry Baird                        | http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: lab@gta.com                 | TEL 407-380-0220, FAX 407-380-6080


