Date: Mon, 23 Aug 2010 18:33:19 +0530 From: ashish@FreeBSD.org (Ashish SHUKLA) To: VANHULLEBUS Yvan <vanhu@FreeBSD.org> Cc: freebsd-net@FreeBSD.org Subject: Re: IPsec support in FreeBSD Message-ID: <86eidpscq0.fsf@chateau.d.if> In-Reply-To: <20100823075221.GA93863@zeninc.net> (VANHULLEBUS Yvan's message of "Mon, 23 Aug 2010 09:52:21 %2B0200") References: <86vd72nypn.fsf@chateau.d.if> <20100823075221.GA93863@zeninc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable VANHULLEBUS Yvan writes: > On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote: >> Hi, > Hi. Hi >> I'm running 8.1-RELEASE on amd64. >>=20 >> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from = behind >> a NAT and I'm having strange issues working with it. IPsec negotiation >> succeeds but there are problems with sending traffic over the tunnel. > In fact, you're trying to set up an IPsec tunnel through a NAT, with > an userland probably compiled by default with NAT-T support, but a > kernel without NAT-T support according to your kernel configuration > file. Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to st= art sending packets ? I can ssh into the boxen in tunnel network from my local = PC just fine. > To have it work, first add "options IPSEC_NAT_T" to your kernel conf > file, compile / install it again. Then install -HEAD version of > ipsec-tools, as it is actually the only one to be able to send > correctly NAT-T PFkey extensions to FreeBSD kernel. Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from t= he ipsec-tools SF project). Thanks for the reply =2D-=20 Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ =E2=80=9CWe are not an endangered species ourselves yet, but this is not for lack of trying.=E2=80=9D (Douglas Adams, "Last Chance to See", 1991) --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iQIcBAEBCgAGBQJMcnGkAAoJEMdGz6nnT6SwREcP/2biH5K0ZeZTB/ty+mmg8XUj UB4S4HWs75FTFd6s8+yB/XGWGidMmOWMUhZkWi6VFU/tzkp8VQvK4DdWMfDinjaq Dr0+ZbIVR72Er9o9SJJLA2+CaCsGRL43pSGui2rbAU+/xQMDZPB/fvN+61H9+DXh dXTVEOMHBFwOqgJM2EBi21q+U1IcUfRMkSsV4dvrihXNjjzbIEqf08rh0NMdrP55 VPQ0JHH4s+SnS5DL8NFHIuVKsL+re7jF7DSdOB1MGux+n0nH2MDXEUKwM5kxDQzk SWoi9+xbptEprbDug0jPhgyBj/cVUrJKhN21ggaW/1+ElNmlSfAZKpIaI5nCIZGS 7zzmZvOBGK1OCajv9qbpl1vemVkoTJzcjkUYjpQUcnMMSONSFdEtbzVsagtgC+nF OUUh6OLgr4LGn9S/mvyix1Xaxg+UkGdF3HqmBGhNpxvURuwWx+EW4A7Kh7QHCVOG ehHtP6gbpgmI8jdwwvsEv3CdW9Md1Z8yOIONooHv6gKETyYsQeI6coBQ7fvcouPa CPltQDu/PKoJkPcx3xFubo+Z7doEK2wyDow9xwhVkaHr5GA0ybHWhIcXb+yf2TY/ nw8W+cFHFa6KKpYS5V+is0vyOpVKbgVUBhS7dArtVTfOSjLEmLyaFSxld2HYuJJd fu2364flcsCv8SrwcakW =r7oX -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86eidpscq0.fsf>