From: Zmiter
Date: Thu, 12 Apr 2012 22:13:35 +0300
To: freebsd-stable@freebsd.org
Subject: IPSec NAT-T in transport mode
Message-ID: <4F87295F.3080801@gmail.com>
In-Reply-To: <659350866.20100120151602@mail.ru>

Hello.

Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or is it still in a broken state?

I need to connect NATed VPN clients through L2TP/IPSec and am seeing nothing in the mpd5 logs, but growing counters of bad checksums in UDP packets. After some research I found an open kern/146190 with some sort of solution to the problem through disabling checksum validation, but it still does not work. Every incoming UDP-encapsulated ESP packet toggles two counters: udp no checksums (because of the 0 value in every incoming packet's UDP checksum) and udp bad checksums (hmmm..., I thought it shouldn't happen with a magic patch).

So, can anyone tell me whether it is possible to connect my NATed VPN clients through L2TP/IPSec, or is it impossible nowadays?

Thanks a lot.

Zmiter
12.04.2012
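Added example, not part of the original message and not FreeBSD code: a model of how one NAT-T transport-mode packet can hit both counters named above. Under RFC 3948 the outer UDP/4500 header is normally sent with a zero checksum, while the inner UDP checksum was computed over the client's pre-NAT address and no longer verifies against the address the server sees. Addresses, ports other than 4500/1701, the payload and the unencrypted ESP stand-in are constructed assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus segment (checksum field zeroed)."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 17, len(zeroed)))
    return inet_checksum(pseudo + zeroed) or 0xFFFF  # 0 on the wire means "no checksum"

def build_udp(src, dst, sport, dport, payload, checksum=True):
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if checksum:
        seg = seg[:6] + struct.pack("!H", udp_checksum(src, dst, seg)) + seg[8:]
    return seg

def classify(src, dst, segment):
    """Receiver-side decision for one UDP segment: 'nosum', 'ok' or 'badsum'."""
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:
        return "nosum"
    return "ok" if stored == udp_checksum(src, dst, segment) else "badsum"

def fix_after_decap(src, dst, segment):
    """Recompute the inner checksum for the post-NAT addresses (RFC 3948, section 3.1.2)."""
    return segment[:6] + struct.pack("!H", udp_checksum(src, dst, segment)) + segment[8:]

# Constructed addresses (RFC 1918 / RFC 5737 ranges) and payload.
CLIENT, NAT, SERVER = "10.0.0.5", "203.0.113.7", "198.51.100.10"
inner = build_udp(CLIENT, SERVER, 1701, 1701, b"constructed L2TP payload")
# Stand-in ESP: SPI + sequence number + inner segment, left unencrypted for clarity.
esp = struct.pack("!II", 0x1000, 1) + inner
outer = build_udp(NAT, SERVER, 61000, 4500, esp, checksum=False)

if __name__ == "__main__":
    print("outer UDP/4500 :", classify(NAT, SERVER, outer))
    print("inner as sent  :", classify(CLIENT, SERVER, inner))
    print("inner after NAT:", classify(NAT, SERVER, inner))
    print("inner after fix:", classify(NAT, SERVER, fix_after_decap(NAT, SERVER, inner)))
```

Because ESP protects the inner header, the NAT device cannot patch that checksum in transit; the receiving IPsec stack has to correct it or skip its verification after decapsulation.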