Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Jan 2011 09:13:22 +0300
From:      Alexander Zagrebin <alex@zagrebin.ru>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: NAT-T/UDPENCAP patch from stable/7
Message-ID:  <20110124061321.GA67220@gw.zagrebin.ru>
In-Reply-To: <20110123161137.A3489@maildrop.int.zabbadoz.net>
References:  <20110123161137.A3489@maildrop.int.zabbadoz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi!

On 23.01.2011 16:13:48 +0000, Bjoern A. Zeeb wrote:

> here is a version of the NAT-T/UDPENCAP patch as in 8 and 9 for
> today's stable/7 for anyone who might want/need it.  I would
> expect it will equally apply to 7.4-RELEASE once that happened.
> 
> http://people.freebsd.org/~bz/20110123-01-stable7-natt.diff
> 
> You will need to figure out the right version of ipsec-tools or other
> IKE clients yourself though.

Until now (at least on the 8.2-PRERELEASE) the setkey from the base
distribution doesn't dump the SAD entries (`setkey -D`) if NAT-T is used.
It reports: "Invalid extension type".

Will be this fixed?

-- 
Alexander Zagrebin



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110124061321.GA67220>