Applying NAT-T patch

VANHULLEBUS Yvan vanhu_bsd at zeninc.net
Thu May 31 19:12:10 UTC 2007


On Thu, May 31, 2007 at 09:37:30AM +0000, Matthew Grooms wrote:
[....]
> >The rest of the patch is ok and will be included today.
> >
> 
> Does that mean that only a single issue mentioned by Bjoern has not been
> addressed in the latest version of the patch set?

I integrated Bjoern's patch into my own compile when he sent it, but, I
don't understand how, I didn't report his patch to the official NAT-T
patch (where I was sure I had done it).

I just sent another mail in this thread to confirm that the patch is
up to date now.


> What about the setkey program? Does it need to be patched to read
> security associations that use natt extensions? Perhaps the ipsec tools
> version can be imported to replace the stock freebsd version?

That is another quite old discussion.
ipsec-tools's setkey has changed quite a lot from the system's one, and
actually, using the NAT-T patch means "forget the system's setkey for at
least some features".

The system's setkey will work as it worked before as soon as it has been
recompiled (needed as the sizes of some PFkey structs changed), but won't
dump NAT-T related information.

To have such information, you'll have to use ipsec-tools's setkey.

> I really hope this makes it into head before the 7 branch.

Looks like we were all waiting for each other, but it should be
better now.




Yvan.

-- 
NETASQ
http://www.netasq.com


More information about the freebsd-net mailing list