On Mon, Sep 18, 2006 at 03:04:04PM +0000, Bjoern A. Zeeb wrote: > On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote: > > >By default in FreeBSd's port, NAT-T support is enabled if support is > >detected on the system (checks for some structs in > >include/net/pfkeyv2.h). > > > >Can you compile again ipsec-tools port, but not clean it, and check in > >config.h if you have NAT-T support enabled. > > What I had found in the past is that the port (more exactly > ipsec-tools) does not complain if configure is run with > --enable-natt but the correct header files are no there. It silently > continues and just disables natt support. > That beahvior would be fine for "autodetect" but not for a command > line option that says "I want natt support and you give me".
By default, I have set the value of port's configuration to "kernel", which is exactly "use it if supported". I just checked ./configure --enable-natt=yes (which forces NAT-T support) on a FreeBSD 6.1 without NAT-T patchset, and I got that: checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no no checking whether to support NAT-T... yes configure: error: NAT-T requested, but no kernel support! Aborting. If I start again with just --enable-natt, I get the same. if I use --enable-natt=kernel, I'll have: checking kernel NAT-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... no no checking whether to support NAT-T... no checking which NAT-T versions to support... none [etc....] If you are able to reproduce that problem, please send me at least the output of configure, and, if possible, the corresponding part of config.log ! Yvan. -- NETASQ http://www.netasq.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
