From: ashish@FreeBSD.org (Ashish SHUKLA)
To: VANHULLEBUS Yvan
Date: Tue, 24 Aug 2010 10:09:58 +0530
Cc: freebsd-net@FreeBSD.org
Subject: Re: IPsec support in FreeBSD

Hi VANHULLEBUS,

Ashish SHUKLA writes:
> VANHULLEBUS Yvan writes:
>> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>>> Hi,

>> Hi.

> Hi

>>> I'm running 8.1-RELEASE on amd64.
>>>
>>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from behind
>>> a NAT and I'm having strange issues working with it. IPsec negotiation
>>> succeeds but there are problems with sending traffic over the tunnel.

>> In fact, you're trying to set up an IPsec tunnel through a NAT, with
>> a userland probably compiled by default with NAT-T support, but a
>> kernel without NAT-T support according to your kernel configuration
>> file.

> Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to start
> sending packets? I can ssh into the boxen in tunnel network from my local PC
> just fine.

>> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
>> file, compile / install it again. Then install -HEAD version of
>> ipsec-tools, as it is actually the only one to be able to send
>> correctly NAT-T PFkey extensions to FreeBSD kernel.

> Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from the
> ipsec-tools SF project).

ipsec-tools needs a bit of patching[1] to make it work with 8.1-R. But it worked, and no more need to do 'tcpdump'.

References:
[1] http://people.freebsd.org/~ashish/diffs/ipsec-tools.diff

Thanks
-- 
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“The sky above the port was the color of television, tuned to a dead
channel.” (William Gibson, "Neuromancer", 1984)
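A check for the mismatch described in this thread (a kernel built with IPsec but without "options IPSEC_NAT_T"), added here as an example; it is not part of the original message, of FreeBSD or of ipsec-tools. The function name, the status codes and the sample configuration are constructed for illustration, and `include` lines in the configuration are not followed.

```sh
#!/bin/sh
# Added example: classify a FreeBSD kernel configuration read from stdin.
# Status 0: IPSEC and IPSEC_NAT_T are both enabled
#        1: IPSEC is enabled but IPSEC_NAT_T is missing (the case in this thread)
#        2: IPSEC itself is not enabled
check_ipsec_natt() {
    awk '
        # Drop comments, so a commented-out "#options IPSEC_NAT_T" does not count.
        { sub(/#.*/, "") }

        # Accept singular and plural spellings; "nooptions" turns an option off.
        $1 ~ /^(no)?options?$/ {
            on = ($1 !~ /^no/)
            list = ""
            for (i = 2; i <= NF; i++) list = list $i   # join "A, B" into "A,B"
            n = split(list, names, ",")
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", names[i])                # strip any "=value"
                if (names[i] != "") set[names[i]] = on  # the last directive wins
            }
        }

        END {
            if (!set["IPSEC"])       exit 2
            if (!set["IPSEC_NAT_T"]) exit 1
            exit 0
        }
    '
}

# Constructed sample: IPsec enabled, NAT-T option still commented out.
sample='options IPSEC
device crypto
#options IPSEC_NAT_T'

rc=0
printf '%s\n' "$sample" | check_ipsec_natt || rc=$?
case "$rc" in
    0) echo "kernel config enables IPSEC and IPSEC_NAT_T" ;;
    1) echo "IPSEC enabled, IPSEC_NAT_T missing: NAT-T will not work in-kernel" ;;
    2) echo "IPSEC is not enabled in this kernel config" ;;
esac
```

Feed the function the kernel configuration file the kernel is actually built from; status 1 corresponds to the setup diagnosed in the quoted reply.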