FAST_IPSEC NAT-T support

Sun Sep 17 08:58:20 PDT 2006

On 9/17/06, VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> wrote:
> Make sure your ipsec-tools port have been recompiled after your system
> has been patched / compiled / upgraded, and use
> /usr/local/sbin/setkey.
>
> FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.

I tried both /sbin/setkey and /usr/locals/bin/setkey and both result
in the same Invalid extension type errors.

builder# ls -la /sbin/setkey
-r-xr-xr-x  1 root  wheel  56456 Jun 16 03:49 /sbin/setkey
builder# ls -la /usr/local/sbin/setkey
-r-xr-xr-x  1 root  wheel  86472 Sep 17 15:54 /usr/local/sbin/setkey

# /sbin/setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type

# /usr/local/sbin/setkey -D
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type
Invalid extension type

Can you think of anything else to try?  I re-compiled ipsec-tools on
the same host before  sending this.

Thanks!