On Sun, Sep 17, 2006 at 11:58:17AM -0400, Scott Ullrich wrote:
> On 9/17/06, VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote:
> >Make sure your ipsec-tools port have been recompiled after your system
> >has been patched / compiled / upgraded, and use
> >/usr/local/sbin/setkey.
> >
> >FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.
> 
> I tried both /sbin/setkey and /usr/locals/bin/setkey and both result
> in the same Invalid extension type errors.

Strange....


[....]
> # /usr/local/sbin/setkey -D
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> 
> Can you think of anything else to try?  I re-compiled ipsec-tools on
> the same host before  sending this.

That really looks like ipsec-tools have been compiled without NAT-T
support.

By default in FreeBSd's port, NAT-T support is enabled if support is
detected on the system (checks for some structs in
include/net/pfkeyv2.h).

Can you compile again ipsec-tools port, but not clean it, and check in
config.h if you have NAT-T support enabled.


Yvan.

-- 
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to