VANHULLEBUS Yvan wrote:
On Tue, Jun 20, 2006 at 11:26:15PM +1000, Michael Vince wrote:
Hey All,
When installing the ipsec-tools it says if you want NAT-T you need to
install this patch, http://ipsec-tools.sourceforge.net/freebsd6-natt.diff
Can any one tell me if this patch works with Fast_ipsec or is it just
for the other ipsec?
Hi.
I didn't have time to port it to FAST_IPSEC now, so it currently only
works with IPSEC.
But FAST_IPSEC support is on my TODO list, and shouldn't be too
difficult.... when I'll have time to work on it, and when we'll
synchronize with other people who are actually working on IPSec
stacks.
Yvan.
OK cool, the thing that really turns my off about that IPSec is when I
reboot with it compiled in says "Expect reduced performance" because its
not mpsafe.
Also I just tried to compile a kernel with that Nat-T patch on the other
IPSEC kernel on 6.1-release and it failed.
I can't think of anything I have done wrong on this machine its pretty
fresh, I did cvsup with "RELENG_6_1" before hand
maybe there is a tiny enough about of changes since the RELENG_6_1_0
release for it to fail but I didn't notice anything serious changed, I
also used the new pure C csup over cvsup client.
The patch installed fine with no errors but the kernel failed to compile
ending with this..
/usr/src/sys/netinet/udp_usrreq.c:1046: warning: 'udp4_espinudp' defined
but not used
The kernel was quite generic listed here below, the GENERIC2 just
missing a few things like scsi and raid bits this machine doesn't need.
include GENERIC2
ident FIREWALL
options DEVICE_POLLING
options HZ=1000
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
#options FAST_IPSEC
#device crypto
#device cryptodev
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
Mike
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
