From owner-freebsd-net@FreeBSD.ORG  Mon Aug 23 13:03:44 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 29BB710656AA
	for <freebsd-net@freebsd.org>; Mon, 23 Aug 2010 13:03:44 +0000 (UTC)
	(envelope-from wahjava@gmail.com)
Received: from mail-px0-f182.google.com (mail-px0-f182.google.com
	[209.85.212.182])
	by mx1.freebsd.org (Postfix) with ESMTP id C7B298FC17
	for <freebsd-net@freebsd.org>; Mon, 23 Aug 2010 13:03:43 +0000 (UTC)
Received: by pxi17 with SMTP id 17so2489042pxi.13
	for <multiple recipients>; Mon, 23 Aug 2010 06:03:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:sender:received:from:to:cc
	:subject:organization:references:x-face:x-uptime:x-url
	:x-operating-system:x-openpgp-id:x-openpgp-fingerprint:x-mailer
	:x-mail-morse:x-attribution:organisation:date:in-reply-to:message-id
	:user-agent:face:mime-version:content-type;
	bh=JdCJLOImEGGdAoeXCOPV0jr6xAEOTQKY5DOVrSzYhIU=;
	b=j374fQWhpe359Xp1neJBMTNWIR2ipDHLIxvq+cYCZMO9gemNgIHsagjE59DyP8Y4gx
	EUup0Bzxqg2i9HTMuCLIEd7zaKE57eqC7mZJtmrKlEx8gCWuqOI8T6Jy1dwdXcYdc/TA
	TLGo7HPWYsGOzevFrvZB7BIlPiozOixMUjqpQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=sender:from:to:cc:subject:organization:references:x-face:x-uptime
	:x-url:x-operating-system:x-openpgp-id:x-openpgp-fingerprint
	:x-mailer:x-mail-morse:x-attribution:organisation:date:in-reply-to
	:message-id:user-agent:face:mime-version:content-type;
	b=MyX2qT7avwC2h6yNHPACgXltB5ZF/E10/WORI5keFkM9hxYUwznEOBQ51RA2psrcjk
	ycAbBoQ5MpIeuA7bYBrNqUoXAVZZRcPUdutqpVGvVsDXU1KPtU9L2WkdQ6oLeJeiS4Ju
	npnqLy7J8Z6pSP0Yjiptoxd1jViVVANBXaYKQ=
Received: by 10.114.38.1 with SMTP id l1mr5890698wal.41.1282568621686;
	Mon, 23 Aug 2010 06:03:41 -0700 (PDT)
Received: from chateau.d.if ([122.163.157.227])
	by mx.google.com with ESMTPS id c24sm12506941wam.7.2010.08.23.06.03.37
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Mon, 23 Aug 2010 06:03:39 -0700 (PDT)
Sender: Ashish SHUKLA <wahjava@gmail.com>
Received: from chateau.d.if (chateau.d.if [127.0.0.1])
	by chateau.d.if (Postfix) with ESMTP id 04FD52D8ED2;
	Mon, 23 Aug 2010 18:33:32 +0530 (IST)
From: ashish@FreeBSD.org (Ashish SHUKLA)
To: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
Organization: The FreeBSD Project
References: <86vd72nypn.fsf@chateau.d.if> <20100823075221.GA93863@zeninc.net>
X-Face: )vGQ9yK7Y$Flebu1C>(B\gYBm)[$zfKM+p&TT[[JWl6:]S>cc$%-z7-`46Zf0B*syL.C]oCq[upTG~zuS0.$"_%)|Q@$hA=9{3l{%u^h3jJ^Zl;
	t7
X-Uptime: 18:27:12 up  1:52,  1 user,  load average: 0.09, 0.10, 0.04
X-URL: http://762e5e74.wordpress.com/
X-Operating-System: GNU/Linux/Linux 2.6.34-ARCH/x86_64
X-OpenPGP-ID: E74FA4B0
X-OpenPGP-Fingerprint: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
X-Mailer: Gnus v5.13
X-Mail-Morse: .-- .- .... .--- .- ...- .- .--.-. --. -- .- .. .-.. .-.-.- -.-.
	--- --
X-Attribution: =?utf-8?B?4KSG4KS24KWA4KS3?=
Organisation: The FreeBSD Project
Date: Mon, 23 Aug 2010 18:33:19 +0530
In-Reply-To: <20100823075221.GA93863@zeninc.net> (VANHULLEBUS Yvan's message
	of "Mon, 23 Aug 2010 09:52:21 +0200")
Message-ID: <86eidpscq0.fsf@chateau.d.if>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (x86_64-unknown-linux-gnu)
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJ1BMVEWpqal/f39tbW1jY2Md
	HR2goKCenp6UlJROTk7////9/f35+fnT09ORJdieAAACVklEQVQ4jXXUP2vbQBQA8AvUTkgz5OzY
	Z0iGWhpS6BSrkECn0mvx0MEJ6AjtYrfoBCVDlD8naJYmNlRfwZq8+mkKlIZaGpJSYmP7Q/XkJDrJ
	Td8i/H68u3vHPaPufwLdf32AMA4A6GcAgvAamY1pOJiDIFqicTwLswDhfr3uxfFtkAY/GFHPMwzD
	8zpnACmIOnE6js7rQb+v4NJrG9od0C+QgpHMy5jBewV+UDSMWiw1Y4fWfyV7+NGFzDsYa3pth9LJ
	Q4XvXxFHcJRvHOmygn5NAEabnDcQQguarnfoiwSCJ99jmKKcphsZONmWsDK9Ro7cvZOCtQdg8nje
	egLhc2LNlkLmsezzTFUUy5w18ocox/f0LaLgJy0zO75zk+9pp85GAj36xjqhdI0y3tq2m4dqqcWX
	zQWBTz8L1irvolXV4J+3q7eCDgVnttjNq6X8H+9KOZsuNk1uCzx8pSp+E9HImfJOTLdcGqo+YKnG
	EIovizkEn48V7BO+ch2DXcD4ENSpWiU+q8hjjbgTBZCXnZtyj0Ws4Q1Q0B2WXFtYZo65Bbyeeldw
	RS6qFueM80LlLA29YlVwGRYvFD+kwI/0O+A2PlpOP9GwslUVciHuYGechuBTp922YiDZCrghTknm
	XSyOM+D3aoRZlo0Jb42zY7DN4p2x4AeZ+QAYutx1sHwTHzMT5cMNduQ9yW3GczN4KZ86kb0c9O8T
	yXDeFqpl2fryPEAYGXIlezAPXYh2NgVr/gvdoHIuDwuPwOhcWE8f8mmICq41eATkn8x0kuRTIKcB
	wE9+/QUtiiAnYcaN7wAAAABJRU5ErkJggg==
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Cc: freebsd-net@FreeBSD.org
Subject: Re: IPsec support in FreeBSD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Aug 2010 13:03:44 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

VANHULLEBUS Yvan writes:
> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>> Hi,

> Hi.

Hi

>> I'm running 8.1-RELEASE on amd64.
>>=20
>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from =
behind
>> a NAT and I'm having strange issues working with it. IPsec negotiation
>> succeeds but there are problems with sending traffic over the tunnel.

> In fact, you're trying to set up an IPsec tunnel through a NAT, with
> an userland probably compiled by default with NAT-T support, but a
> kernel without NAT-T support according to your kernel configuration
> file.

Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to st=
art
sending packets ? I can ssh into the boxen in tunnel network from my local =
PC
just fine.

> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
> file, compile / install it again. Then install -HEAD version of
> ipsec-tools, as it is actually the only one to be able to send
> correctly NAT-T PFkey extensions to FreeBSD kernel.

Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from t=
he
ipsec-tools SF project).

Thanks for the reply
=2D-=20
Ashish SHUKLA      | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

=E2=80=9CWe are not an endangered species ourselves yet, but this is not for
lack of trying.=E2=80=9D (Douglas Adams, "Last Chance to See", 1991)

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iQIcBAEBCgAGBQJMcnGkAAoJEMdGz6nnT6SwREcP/2biH5K0ZeZTB/ty+mmg8XUj
UB4S4HWs75FTFd6s8+yB/XGWGidMmOWMUhZkWi6VFU/tzkp8VQvK4DdWMfDinjaq
Dr0+ZbIVR72Er9o9SJJLA2+CaCsGRL43pSGui2rbAU+/xQMDZPB/fvN+61H9+DXh
dXTVEOMHBFwOqgJM2EBi21q+U1IcUfRMkSsV4dvrihXNjjzbIEqf08rh0NMdrP55
VPQ0JHH4s+SnS5DL8NFHIuVKsL+re7jF7DSdOB1MGux+n0nH2MDXEUKwM5kxDQzk
SWoi9+xbptEprbDug0jPhgyBj/cVUrJKhN21ggaW/1+ElNmlSfAZKpIaI5nCIZGS
7zzmZvOBGK1OCajv9qbpl1vemVkoTJzcjkUYjpQUcnMMSONSFdEtbzVsagtgC+nF
OUUh6OLgr4LGn9S/mvyix1Xaxg+UkGdF3HqmBGhNpxvURuwWx+EW4A7Kh7QHCVOG
ehHtP6gbpgmI8jdwwvsEv3CdW9Md1Z8yOIONooHv6gKETyYsQeI6coBQ7fvcouPa
CPltQDu/PKoJkPcx3xFubo+Z7doEK2wyDow9xwhVkaHr5GA0ybHWhIcXb+yf2TY/
nw8W+cFHFa6KKpYS5V+is0vyOpVKbgVUBhS7dArtVTfOSjLEmLyaFSxld2HYuJJd
fu2364flcsCv8SrwcakW
=r7oX
-----END PGP SIGNATURE-----
--=-=-=--