Date: Fri, 15 Sep 2006 16:55:01 -0400 From: "Scott Ullrich" <sullrich@gmail.com> To: "Larry Baird" <lab@gta.com> Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support Message-ID: <d5992baf0609151355v581211c4odd421df2ad1c61f7@mail.gmail.com> In-Reply-To: <20060915165246.A92818@gta.com> References: <20060914093034.A83805@gta.com> <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> <20060915091430.A45488@gta.com> <d5992baf0609150907p64ce6394y4b1fbb3309e76d53@mail.gmail.com> <20060915165246.A92818@gta.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/15/06, Larry Baird <lab@gta.com> wrote: > Just to be sure I understand the issue. You have a kernel built > with the FAST_IPSEC NAT-T patches but without the IPSEC_NAT_T option. > Your VPNs work but you are unable to dump your SAD entries. No, I have it built with options IPSEC_NAT_T and FAST_IPSEC. builder# cat pfSense.6 | grep IPSEC options FAST_IPSEC options IPSEC_NAT_T IPSEC works correctly but setkey shows the error. # setkey -D Invalid extension type Invalid extension type Invalid extension type Invalid extension type Invalid extension type Invalid extension type Invalid extension type Invalid extension type Invalid extension type # Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d5992baf0609151355v581211c4odd421df2ad1c61f7>