Subject: Re: kern/30437
To: None <gnats-bugs@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: netbsd-bugs
Date: 10/03/2005 13:20:41
On Wed, Sep 28, 2005 at 05:00:03PM +0000, Thor Lancelot Simon wrote:
> From: Thor Lancelot Simon <tls@rek.tjls.com>
>  I tried the latest patch in this PR on build.netbsd.org, which runs a
>  3.0_BETA (from three days ago) kernel without NAT_T.  It did not restore
>  the ability to install transport-mode AH SAs negotiated with ftp.netbsd.org,
>  which worked fine under 2.0.

I was able to establish and use a transport-mode AH with a non NAT-T kernel
using that patch. It seems to work fine. 

Can you describe more precisely the setup where you get a failure (and
if possible double-check that you still get a failure)?

My setup has 2 hosts:

katabatic: NetBSD -current, kernel has IPSEC_NAT_T, running racoon
plan: NetBSD -current with the patch, kernel does NOT have IPSEC_NAT_T,
running racoon

Both ends have an SA requiring transport mode AH for communication between
them.

When sending a ping to plan from katabatic, racoon daemons establish the
AH SA and the ping starts working.

-- 
Emmanuel Dreyfus
manu@netbsd.org