FAST_IPSEC NAT-T support
Scott Ullrich
sullrich at gmail.com
Fri Sep 15 13:55:09 PDT 2006
On 9/15/06, Larry Baird <lab at gta.com> wrote:
> Just to be sure I understand the issue. You have a kernel built
> with the FAST_IPSEC NAT-T patches but without the IPSEC_NAT_T option.
> Your VPNs work but you are unable to dump your SAD entries.
No, I have it built with options IPSEC_NAT_T and FAST_IPSEC.
builder# cat pfSense.6 | grep IPSEC
options FAST_IPSEC
options IPSEC_NAT_T
IPSEC works correctly but setkey shows the error.
# setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
#
Scott
More information about the freebsd-net
mailing list