FAST_IPSEC NAT-T support
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Sun Sep 17 05:55:42 PDT 2006
On Fri, Sep 15, 2006 at 12:07:58PM -0400, Scott Ullrich wrote:
[....]
> Next problem that I have encountered (with FAST_IPSEC) is:
>
> # /sbin/setkey -D
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
>
> Let me know if I can do any further testing, still waiting for status
> reports from a few of the pfSense users, but IPSEC seems to work okay
> even with this small cosmetic setkey issue.
Make sure your ipsec-tools port have been recompiled after your system
has been patched / compiled / upgraded, and use
/usr/local/sbin/setkey.
FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.
Yvan.
--
NETASQ
http://www.netasq.com
More information about the freebsd-net
mailing list