Re: Applying NAT-T patch
- From: VANHULLEBUS Yvan <vanhu_bsd@xxxxxxxxxx>
- Date: Thu, 31 May 2007 21:12:09 +0200
On Thu, May 31, 2007 at 09:37:30AM +0000, Matthew Grooms wrote:
[....]
The rest of the patch is ok and will be included today.
Does that mean that only a single issue mentioned by Bjoern has not been
addressed in the latest version of the patch set?
I integrated Bjoern's patch to my own compile when he sent it, but, I
don't understand how, I didn't report his patch to the official NAT-T
patch (where I was sure I did it).
I just sent another mail in this thread to confirm that the patch is
up to date now.
What about the setkey program? Does it need to be patched to read
security associations that use natt extensions? Perhaps the ipsec tools
version can be imported to replace the stock freebsd version?
That is another quite old discussion.
ipsec-tools's setkey changed quite a lot from system's one, and
actually, using the NAT-T patch means "forget system's setkey for at
least some features".
system's setkey will work as it worked before as soon as it have been
recompiled (needed as some PFkey structs size changed), but won't dump
NAT-T related informations.
To have such informations, you'll have to use ipsec-tools's setkey.
I really hope this makes into head before the 7 branch.
Looks like we were all waiting for each others, but it should be
better now.
Yvan.
--
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- References:
- Re: Applying NAT-T patch
- From: Matthew Grooms
- Re: Applying NAT-T patch
- Prev by Date: Re: Applying NAT-T patch
- Next by Date: Re: [PATCH] ng_pf and l7 filtering possibility with PF
- Previous by thread: Re: Applying NAT-T patch
- Next by thread: Applying NAT-T patch correctly
- Index(es):
Relevant Pages
|
|
