On Sun, Sep 17, 2006 at 11:58:17AM -0400, Scott Ullrich wrote: > On 9/17/06, VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote: > >Make sure your ipsec-tools port have been recompiled after your system > >has been patched / compiled / upgraded, and use > >/usr/local/sbin/setkey. > > > >FreeBSD's setkey does not (yet ?) support NAT-T extensions at all. > > I tried both /sbin/setkey and /usr/locals/bin/setkey and both result > in the same Invalid extension type errors.
Strange.... [....] > # /usr/local/sbin/setkey -D > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > Invalid extension type > > Can you think of anything else to try? I re-compiled ipsec-tools on > the same host before sending this. That really looks like ipsec-tools have been compiled without NAT-T support. By default in FreeBSd's port, NAT-T support is enabled if support is detected on the system (checks for some structs in include/net/pfkeyv2.h). Can you compile again ipsec-tools port, but not clean it, and check in config.h if you have NAT-T support enabled. Yvan. -- NETASQ http://www.netasq.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"