current-users: Re: NAT stops working with IPSEC kernel

Subject: Re: NAT stops working with IPSEC kernel
To: None <current-users@netbsd.org>
From: ARIGA Seiji <say@sfc.wide.ad.jp>
List: current-users
Date: 03/30/2000 00:36:21

Hi,

On Sun, 26 Mar 2000 13:10:02 -0800 (PST)
Paul Newhouse <newhouse@rockhead.com> wrote:

:I compile a kernel with IPSEC the same config files that used to work 
:for NAT stop working.  I see log messages like:

First, could you tell me,
  - Your network topology in which you are using NAT
  - Which software are you using for NAT ? IPFilter ?
  - What version of NetBSD are you using ? (And maybe, KAME version)

:  Mar 26 12:50:45 bigbox /netbsd: ipsec4_set_policy: invalid direction=0

One of KAME guys said that,
  "When setsockopt(so, IPPROTO_IP, IP_IPSEC_POLICY, policy, policylen); is used
   in user level, ipsec4_set_policy() function in kernel will be called. And if
   something wrong is in the policy structure at that time, this log will appear.
   I think only rrenumd, traceroute, and racoon will be related to this log."
He is using both IPsec and NAT by IPFilter on FreeBSD3.4+KAME.

--
ARIGA Seiji <say@sfc.wide.ad.jp>