[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Dennis Karlsson <dennis at denniskarlsson dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b2 released
 Date:  Sat, 23 Dec 2006 23:33:30 +0100
On 23.12.06 22:17 +0100, Dennis Karlsson wrote:

> beta2 gives me this on Diagnostics / IPsec;
> 
> SAD (tab)
> 
> Source 	Destination 	Protocol 	SPI 	Enc. alg. 	Auth. alg. 	
> Invalid 	extension
> Invalid 	extension

Right - turns out that we need to use setkey from ipsec-tools now
with the NAT-T extensions. The fix is already in the repository and
will be in 1.3b3.

If it bothers you, here's a /sbin/setkey replacement that solves this
issue:

https://neon1.net/temp/pre-1.3b3/setkey

And then, if it bothers you that "aes-cbc" is shown as "12" in the
SAD view, you can also replace /usr/local/lib/libipsec.so.0 with this:

https://neon1.net/temp/pre-1.3b3/libipsec.so.0

Thanks for the information!

- Manuel