From: Zmiter
Date: Fri, 13 Apr 2012 07:28:31 +0300
To: stable@freebsd.org
Subject: Support for IPSec NAT-T in transport mode
Message-ID: <4F87AB6F.4050504@gmail.com>
List-Id: Production branch of FreeBSD source code

Hello.

Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or is it still in a broken state?

I need to connect NATed VPN clients through L2TP/IPSec and am seeing nothing in the mpd5 logs, but growing counters of bad checksums in UDP packets.

After some research I found an open kern/146190 with a sort of solution to the problem through disabling checksum validation, but it still does not work. Every incoming UDP-encapsulated ESP packet toggles two counters: udp no checksums (because of the 0 value in every incoming packet's UDP checksum) and udp bad checksums (hmmm..., I thought that shouldn't happen with the magic patch).

So, can anyone tell me whether it is possible to connect my NATed VPN clients through L2TP/IPSec, or is it impossible nowadays?

Thanks a lot.

Zmiter
12.04.2012
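
Added example, not part of the original message: RFC 3948 section 3.1.2 states that in transport mode the inner TCP/UDP checksum was computed over the sender's pre-NAT address, so it no longer verifies against the address the receiver sees. The Python code below reproduces that for an L2TP-over-UDP segment and applies the RFC's incremental fix-up using the original address from NAT-OA. Addresses, payload and function names are constructed for illustration, and the example does not establish that this is the cause of the counters reported above.

```python
import ipaddress
import struct

def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the IP/UDP/TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _pseudo(src: str, dst: str, length: int) -> bytes:
    return _ip(src) + _ip(dst) + struct.pack("!BBH", 0, 17, length)

def build_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Sender side: UDP segment whose checksum covers the IPv4 pseudo-header."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    csum = ~ones_sum(_pseudo(src, dst, len(seg)) + seg) & 0xFFFF
    return seg[:6] + struct.pack("!H", csum or 0xFFFF) + seg[8:]

def verify_udp(src, dst, seg: bytes) -> bool:
    """Receiver side: a zero field means 'no checksum'; otherwise the sum must be 0xFFFF."""
    if seg[6:8] == b"\x00\x00":
        return True
    return ones_sum(_pseudo(src, dst, len(seg)) + seg) == 0xFFFF

def fix_with_nat_oa(seg: bytes, received_src: str, original_src: str) -> bytes:
    """RFC 3948 section 3.1.2 option (a): subtract the received source address from
    the checksum and add the original one (NAT-OA), computed in RFC 1624 form."""
    (old,) = struct.unpack("!H", seg[6:8])
    if old == 0:                      # sender did not compute a checksum
        return seg
    words = struct.pack("!HHH", ~old & 0xFFFF,
                        ~ones_sum(_ip(original_src)) & 0xFFFF,
                        ones_sum(_ip(received_src)))
    new = ~ones_sum(words) & 0xFFFF
    return seg[:6] + struct.pack("!H", new or 0xFFFF) + seg[8:]

# Constructed sample values (private and documentation address ranges).
CLIENT, NAT_PUBLIC, SERVER = "192.168.1.10", "203.0.113.7", "198.51.100.20"
L2TP = build_udp(CLIENT, SERVER, 1701, 1701, b"constructed L2TP payload")

if __name__ == "__main__":
    fixed = fix_with_nat_oa(L2TP, NAT_PUBLIC, CLIENT)
    print("as sent by client   :", verify_udp(CLIENT, SERVER, L2TP))
    print("after NAT, unfixed  :", verify_udp(NAT_PUBLIC, SERVER, L2TP))
    print("after NAT-OA fix-up :", verify_udp(NAT_PUBLIC, SERVER, fixed))
```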