Subject: Re: kern/30437
To: None <manu@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: netbsd-bugs
Date: 10/03/2005 13:21:02
The following reply was made to PR bin/30437; it has been noted by GNATS.
From: Emmanuel Dreyfus <manu@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/30437
Date: Mon, 3 Oct 2005 13:20:41 +0000
On Wed, Sep 28, 2005 at 05:00:03PM +0000, Thor Lancelot Simon wrote:
> From: Thor Lancelot Simon <tls@rek.tjls.com>
> I tried the latest patch in this PR on build.netbsd.org, which runs a
> 3.0_BETA (from three days ago) kernel without NAT_T. It did not restore
> the ability to install transport-mode AH SAs negotiated with ftp.netbsd.org,
> which worked fine under 2.0.
I was able to establish and use a transport-mode AH with a non NAT-T kernel
using that patch. It seems to work fine.
Can you describe more precisely the setup where you get a failure (and
if possible double-check that you still get a failure)?
My setup has 2 hosts:
katabatic: NetBSD -current, kernel has IPSEC_NAT_T, running racoon
plan: NetBSD -current with the patch, kernel does NOT have IPSEC_NAT_T,
running racoon
Both ends have a SA requiring transport mode AH for communication between
them.
When sending a ping to plan from katabatic, racoon daemons establish the
AH SA and the ping starts working.
--
Emmanuel Dreyfus
manu@netbsd.org