Christos Zoulas wrote:

>>| > If your server is behind NAT, I think that got broken at some point.
>>|
>>| Oh no! :(
>>
>>Yes, it is almost working... The tunnel is up, and 3 out of 4 SAD's are
>>present; the 4th one comes up as larval and then times out...
>
>And it is now fixed and tested on little endian. I have done no testing
>on big endian. I guess I could boot my sparc64 box and see if the extended
>rest made the hardware more reliable :-)

Indeed. It is! Many thanks for your great work! Much appreciated. :)

IPsec with Racoon behind NAT is confirmed to work now. Tested on macppc, so there is no endian problem.

Do we get a pullup for netbsd-7, and maybe netbsd-6?

BTW, my problem with setkey on macppc was caused by the missing swcrypto pseudo device in the kernel. Our IPsec FAQ should mention that you need that, besides "option IPSEC". I know that amd64, i386 and sparc64 have these enabled by default now, but no other port has.

--
Frank Wille