[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?
when changing key_cmpsaidx_exactly to key_cmpsaidx_withmode in
negotiations work again. This change is inspired by the code found in
Caution: I have not deeply looked into the issue - thus this change be
be completely wrong, but it gives
probably a hint at whats wrong.
My rules refer to any protocol - so exact comparisons for specific
protocols probably don't match
in the key_cmpsaidx_exactly function.
Thus wrote VANHULLEBUS Yvan (vanhu%free.fr@localhost):
On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:
before I unpack digging equipment:
is it old news that racoon and a kernel with NAT-T  will result in a
failure to do IPSEC because the pfkey update about NAT-T fails in phase 2
and racoon decides to fail the entire connection?
As asked by other people, what are the exact versions of racoon and
NetBSD you're running ?
Amend that to (racoon and a kernel with NAT-T) (as of Oct 25th)
If you're running NetBSD-current and racoon-HEAD (which is probably
the shipped version with NetBSD-current), yes, it may be a well known
problem in PFKey interface, I started to clean it but it will need
more works on both kernel and userland.
Yes, a NetBSD-current will also have racoon-HEAD of the same date.
Since someone's already working on it I'll be lazy and wait for nice
things to come. ;-)
Main Index |
Thread Index |