Re: [m0n0wall] Beta 1.3b2 released

From:	Manuel Kasper <mk at neon1 dot net>
To:	Dennis Karlsson <dennis at denniskarlsson dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Beta 1.3b2 released
Date:	Sat, 23 Dec 2006 23:33:30 +0100

On 23.12.06 22:17 +0100, Dennis Karlsson wrote:

> beta2 gives me this on Diagnostics / IPsec;
> 
> SAD (tab)
> 
> Source 	Destination 	Protocol 	SPI 	Enc. alg. 	Auth. alg. 	
> Invalid 	extension
> Invalid 	extension

Right - turns out that we need to use setkey from ipsec-tools now
with the NAT-T extensions. The fix is already in the repository and
will be in 1.3b3.

If it bothers you, here's a /sbin/setkey replacement that solves this
issue:

https://neon1.net/temp/pre-1.3b3/setkey

And then, if it bothers you that "aes-cbc" is shown as "12" in the
SAD view, you can also replace /usr/local/lib/libipsec.so.0 with this:

https://neon1.net/temp/pre-1.3b3/libipsec.so.0

Thanks for the information!

- Manuel