Chaps,
On 10-01-20 Wed 1:04 pm, VANHULLEBUS Yvan wrote:
> On Wed, Jan 20, 2010 at 03:16:02PM +0600, Rabidinov M.A. wrote:
>> Does FreeBSD 8.0 support IPSec NAT-T in transport mode?
>> I want to create a L2TP/IPSec server. My VPN clients are NATed.
>> L2TP server (MPD5.x) makes a tunnel, so I need working IPSec NAT-T in
>> transport mode.
>
> It may work..... or not....
> The missing part is support of NAT-OA payloads, which are used to
> update checksums when receiving packets.
> But afaik, most L2TP implementations compute checksums, so they will
> be checked, and of course will be wrong....

On 2010-01-20 Wed 1:22 pm, Crest wrote:
> Yes, the NAT-T patch has been integrated into FreeBSD 8.0.
> Just rebuild your kernel with these options:
> device crypto # IPsec depends on this
> options IPSEC
> options IPSEC_DEBUG
> options IPSEC_NAT_T

I'm trying to do the same thing as the OP, so thanks for these replies.
However, they seem to be at odds. Are we saying that the NAT-T patch is
there, but is missing checksum re-calculation, so MPD's packets are
going to be discarded?
(FWIW, this seems to be what happens. All the negotiation to set up
IPSEC SAs happens, but MPD's log never shows a single entry. I hadn't
got as far as packet dumps when this thread popped up.)
--
David Murray
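
The checksum problem discussed in this thread, as an added example that is not part of the original messages: in transport mode the inner UDP header travels inside ESP, so the NAT device cannot rewrite its checksum, and the receiver needs the sender's original address (what NAT-OA carries, RFC 3948) to correct it, here with the incremental update from RFC 1624. The addresses, ports and payload are constructed sample values, and only the source address is assumed to be translated.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (protocol 17)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """UDP segment with the checksum the sender computes over its own addresses."""
    length = 8 + len(payload)
    body = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = (~ones_sum(pseudo_header(src, dst, length) + body) & 0xFFFF) or 0xFFFF
    return body[:6] + struct.pack("!H", csum) + body[8:]

def verify(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check against the addresses in the IP header it sees."""
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def fix_with_nat_oa(segment: bytes, original_src: str, seen_src: str) -> bytes:
    """Incremental update (RFC 1624): HC' = ~(~HC + ~m + m')."""
    old = struct.unpack("!H", segment[6:8])[0]
    not_m = bytes(b ^ 0xFF for b in socket.inet_aton(original_src))
    acc = ones_sum(struct.pack("!H", ~old & 0xFFFF) + not_m + socket.inet_aton(seen_src))
    new = (~acc & 0xFFFF) or 0xFFFF  # 0 would mean "no checksum" in UDP
    return segment[:6] + struct.pack("!H", new) + segment[8:]

# Constructed sample values (private and documentation address ranges).
CLIENT_PRIVATE, NAT_PUBLIC, SERVER = "192.168.1.10", "203.0.113.5", "198.51.100.1"
SEGMENT = build_udp(CLIENT_PRIVATE, SERVER, 1701, 1701, b"constructed L2TP payload")

if __name__ == "__main__":
    print("as sent:       ", verify(CLIENT_PRIVATE, SERVER, SEGMENT))
    print("after NAT:     ", verify(NAT_PUBLIC, SERVER, SEGMENT))
    fixed = fix_with_nat_oa(SEGMENT, CLIENT_PRIVATE, NAT_PUBLIC)
    print("NAT-OA applied:", verify(NAT_PUBLIC, SERVER, fixed))
```

Without the original address the receiver can only recompute the checksum blindly or skip verification, the other options RFC 3948 describes for transport mode.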