tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Fix for the NAT-T ABI change

In article <>,
S.P.Zeidler <> wrote:
>Dear all,
>please review and test the patch at
>The patch leans on vanhus patch for FreeBSD, but differs.
>IPSEC + IPSEC-NAT-T: tested to work when not using NAT-T
>(I use IPSEC but I have no counterpoint to test NAT-T against at present)
>FAST_IPSEC + IPSEC-NAT-T: does not seem to work less than without the patch
>IPv4 seems to work.
>IPv6: I can ping6 my tunnel gateway, but nothing beyond it. It seems
>to try to open a ipsec conversation to the target itself instead of
>tunnelling, which is Not Allowed (and not expected).
>Starting firefox (with or without the NAT-T patch) gets me a panic with
>ensuing panic of ddb (with the NAT-T patch it's LOCKDEBUG, not convinced
>that that is resembling the reason). I'll test FAST_IPSEC some more later.

Thanks Petra. I just wished the IPSEC folks were more considerate when
making such changes :-( It is really unfortunate that this has been broken
for so long.


Home | Main Index | Thread Index | Old Index