On Mon, 29 Dec 2008, Bjoern A. Zeeb wrote:
On Mon, 29 Dec 2008, Gabe wrote:
This is what setkey -Da returns:
box# setkey -Da
Invalid extension type
Invalid extension type
box#
you are running with the NAT-T patch (as I see you say further down).
Try /usr/local/sbin/setkey -Da in that case.
One more thing; if you are comparing SPIs from the log with setkey,
you can also run
tcpdump -s 0 -vv -ln proto 50
and it will show you something like
... ESP(spi=0x12345678,seq=0x..),
so you could as well compare what you receive on the wire with what
you get in the log. This would help to eliminiate the case of a
promblematic patch.
/bz
--
Bjoern A. Zeeb The greatest risk is not taking one.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
