FAST_IPSEC NAT-T support

VANHULLEBUS Yvan vanhu_bsd at zeninc.net
Mon Sep 18 08:53:12 PDT 2006


On Mon, Sep 18, 2006 at 03:04:04PM +0000, Bjoern A. Zeeb wrote:
> On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:
> 
> >By default in FreeBSD's port, NAT-T support is enabled if support is
> >detected on the system (checks for some structs in
> >include/net/pfkeyv2.h).
> >
> >Can you compile again ipsec-tools port, but not clean it, and check in
> >config.h if you have NAT-T support enabled.
> 
> What I had found in the past is that the port (more exactly
> ipsec-tools) does not complain if configure is run with
> --enable-natt but the correct header files are not there. It silently
> continues and just disables natt support.
> That behavior would be fine for "autodetect" but not for a command
> line option that says "I want natt support and you give me".

By default, I have set the value of port's configuration to "kernel",
which is exactly "use it if supported".

I just checked ./configure --enable-natt=yes (which forces NAT-T
support) on a FreeBSD 6.1 without NAT-T patchset, and I got that:

checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... yes
configure: error: NAT-T requested, but no kernel support! Aborting.


If I start again with just --enable-natt, I get the same.

If I use --enable-natt=kernel, I'll have:

checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... no
checking which NAT-T versions to support... none
[etc....]


If you are able to reproduce that problem, please send me at least the
output of configure, and, if possible, the corresponding part of
config.log!




Yvan.

-- 
NETASQ
http://www.netasq.com
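
An added example, not part of the original message or of ipsec-tools: a shell function that classifies a saved configure transcript, so a build script can tell "NAT-T left out by autodetect" apart from "NAT-T requested with =yes but configure carried on without it", the behaviour reported in the quoted text. The name natt_result and its result labels are assumptions; the two sample transcripts are the ones shown above with the mail line-wrap joined.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from ipsec-tools).
# natt_result <mode> reads a configure transcript on stdin.
#   <mode> is the value that was passed to --enable-natt: yes | kernel
# Prints: enabled | disabled | aborted | silent-downgrade | unknown

natt_result() {
    mode=$1
    out=$(cat)
    # Last decision line that configure printed for NAT-T.
    decision=$(printf '%s\n' "$out" |
        sed -n 's/^checking whether to support NAT-T\.\.\. *//p' | tail -n 1)
    if printf '%s\n' "$out" |
        grep -q '^configure: error: NAT-T requested, but no kernel support'; then
        echo aborted            # forced mode, headers missing: build stops
    elif [ "$decision" = yes ]; then
        echo enabled
    elif [ "$decision" = no ] && [ "$mode" = yes ]; then
        echo silent-downgrade   # asked for NAT-T, configure continued without it
    elif [ "$decision" = no ]; then
        echo disabled           # autodetect mode, no kernel support found
    else
        echo unknown            # transcript has no NAT-T decision line
    fi
}

# Transcript from the message: --enable-natt=yes on a kernel without the patchset.
FORCED_LOG='checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... yes
configure: error: NAT-T requested, but no kernel support! Aborting.'

# Transcript from the message: --enable-natt=kernel on the same system.
AUTO_LOG='checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... no
checking which NAT-T versions to support... none'

printf 'forced (=yes):    %s\n' "$(printf '%s\n' "$FORCED_LOG" | natt_result yes)"
printf 'auto (=kernel):   %s\n' "$(printf '%s\n' "$AUTO_LOG" | natt_result kernel)"
# Constructed case: the autodetect transcript judged as if =yes had been requested.
printf 'mismatch (=yes):  %s\n' "$(printf '%s\n' "$AUTO_LOG" | natt_result yes)"
```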

