[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Netbsd-5 racoon: Multiple Phase2 SAs generated when NAT-T enabled
> According to your logs, you're using a 0.7.x version of ipsec-tools,
> which should still use the "old" PFKey interface also used by NetBSD
> (any version actually).
Correct. We tried this with the stock racoon (0.7.1nb1) that comes with the
> Just to be sure: does the same exact configuration work with older
> versions of NetBSD and/or ipsec-tools ?
Unfortunately, we didn't test it with something older than NetBSD 5.0-release /
We only had this two cases so far:
NetBSD 5.0-release + ipsec-tools 0.7.1nb1 + NAT-T
(this topic, PR kern/42606)) -> some new error
NetBSD 5.0-release + ipsec-tools-HEAD (~December 09) + NO NAT-T
(topic , PR kern/42592) -> error likely because of PFkey-interface
Btw: I did test the NAT-T-functionality (direct connection, NAT-T forced) on
two VMs with NetBSD 5.0.1-release and ipsec-tools 0.7.1nb1 (which is also stock
in 5.0.1-release) which resulted in the same error as described in this topic.
Without NAT-T, the tunnel came up well.
Main Index |
Thread Index |