I have read some material on the internet and the following documents:
https://svnweb.freebsd.org/base?view=revision&revision=347410
https://svnweb.freebsd.org/base?view=revision&revision=313330
It is my understanding that IPsec including IPSEC_NAT_T was enabled in GENERIC at some point in 12.0, and then removed but kept available in the ipsec module since then. I have a system built from r350477 which appears to already have ipsec in the kernel when I try to
I understand this to mean that NAT traversal is not available in the kernel.
https://svnweb.freebsd.org/base?view=revision&revision=347410
https://svnweb.freebsd.org/base?view=revision&revision=313330
It is my understanding that IPsec including IPSEC_NAT_T was enabled in GENERIC at some point in 12.0, and then removed but kept available in the ipsec module since then. I have a system built from r350477 which appears to already have ipsec in the kernel when I try to
kldload ipsec.ko
. However with StrongSwan I get the error message I quoted in the title.
Code:
unable to set UDP_ENCAP: Invalid argument
I understand this to mean that NAT traversal is not available in the kernel.
Code:
FreeBSD box 12.0-RELEASE-p8 FreeBSD 12.0-RELEASE-p8 r350477 GENERIC amd64