tech-net archive


Re: Fix for the NAT-T ABI change



In article <20100828123007.GA22512%serpens.de@localhost>,
S.P.Zeidler <spz%serpens.de@localhost> wrote:
>Dear all,
>
>please review and test the patch at
>http://www.netbsd.org/~spz/ipsec-natt-abi-fix.diff
>
>The patch leans on vanhu's patch for FreeBSD, but differs.
>
>IPSEC + IPSEC-NAT-T: tested to work when not using NAT-T
>(I use IPSEC but I have no counterpoint to test NAT-T against at present)
>
>FAST_IPSEC + IPSEC-NAT-T: does not seem to work less than without the patch
>IPv4 seems to work.
>IPv6: I can ping6 my tunnel gateway, but nothing beyond it. It seems
>to try to open an ipsec conversation to the target itself instead of
>tunnelling, which is Not Allowed (and not expected).
>Starting firefox (with or without the NAT-T patch) gets me a panic with
>ensuing panic of ddb (with the NAT-T patch it's LOCKDEBUG, not convinced
>that that is resembling the reason). I'll test FAST_IPSEC some more later.

Thanks Petra. I just wished the IPSEC folks were more considerate when
making such changes :-( It is really unfortunate that this has been broken
for so long.

christos


