Date: Tue, 24 Aug 2010 10:09:58 +0530
From: ashish@FreeBSD.org (Ashish SHUKLA)
To: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
Cc: freebsd-net@FreeBSD.org
Subject: Re: IPsec support in FreeBSD
Message-ID: <868w3w8vz5.fsf@chateau.d.if>
In-Reply-To: <86eidpscq0.fsf@chateau.d.if> (Ashish SHUKLA's message of "Mon, 23 Aug 2010 18:33:19 +0530")
References: <86vd72nypn.fsf@chateau.d.if> <20100823075221.GA93863@zeninc.net> <86eidpscq0.fsf@chateau.d.if>

Hi VANHULLEBUS,

Ashish SHUKLA writes:
> VANHULLEBUS Yvan writes:
>> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>>> Hi,

>> Hi.

> Hi

>>> I'm running 8.1-RELEASE on amd64.
>>>
>>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from behind
>>> a NAT and I'm having strange issues working with it. IPsec negotiation
>>> succeeds but there are problems with sending traffic over the tunnel.

>> In fact, you're trying to set up an IPsec tunnel through a NAT, with
>> a userland probably compiled by default with NAT-T support, but a
>> kernel without NAT-T support according to your kernel configuration
>> file.

> Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to start
> sending packets? I can ssh into the boxen in tunnel network from my local PC
> just fine.

>> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
>> file, compile / install it again. Then install -HEAD version of
>> ipsec-tools, as it is actually the only one to be able to send
>> correctly NAT-T PFkey extensions to FreeBSD kernel.

> Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from the
> ipsec-tools SF project).

ipsec-tools needs a bit of patching[1] to make it work with 8.1-R. But it
worked, and no more need to do 'tcpdump'.

References:
[1] http://people.freebsd.org/~ashish/diffs/ipsec-tools.diff

Thanks
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“The sky above the port was the color of television, tuned to a dead
channel.” (William Gibson, "Neuromancer", 1984)
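
The mismatch diagnosed in this thread (NAT-T-capable userland, kernel built without "options IPSEC_NAT_T") can be checked against a kernel configuration file before rebuilding. The shell check below is an added example, not part of the original message and not code from FreeBSD or ipsec-tools; the function names, file names and sample configurations are constructed, and treating "options IPSEC" as a prerequisite is an assumption taken from standard FreeBSD IPsec kernel setup rather than from the thread.

```shell
#!/bin/sh
# Added example. Function names and the sample configs are constructed.

# has_option FILE NAME: succeed if "options NAME" is in effect in FILE.
# Handles '#' comments, "options A, B" lists, NAME=value, and a later
# "nooptions NAME" cancelling an earlier "options NAME".
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        $1 == "options" || $1 == "nooptions" {
            line = $0
            sub(/^[ \t]*(no)?options[ \t]+/, "", line)
            n = split(line, items, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                name = items[i]
                sub(/=.*/, "", name)
                gsub(/[ \t]/, "", name)
                if (name == want) enabled = ($1 == "options")
            }
        }
        END { exit (enabled ? 0 : 1) }
    ' "$1"
}

# natt_kernel_status FILE: print ok, no-natt or no-ipsec.
# Assumption: IPSEC_NAT_T is only meaningful together with "options IPSEC".
natt_kernel_status() {
    if ! has_option "$1" IPSEC; then
        echo "no-ipsec"
    elif ! has_option "$1" IPSEC_NAT_T; then
        echo "no-natt"   # the state diagnosed in the thread
    else
        echo "ok"
    fi
}

# Constructed sample configurations.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/natt.XXXXXX")
printf 'options IPSEC  # IP security\ndevice crypto\n#options IPSEC_NAT_T\n' \
    > "$demo_dir/NO_NATT"
printf 'options IPSEC, IPSEC_NAT_T\ndevice crypto\n' > "$demo_dir/NATT"
printf 'options IPSEC\noptions IPSEC_NAT_T\nnooptions IPSEC_NAT_T\n' \
    > "$demo_dir/CANCELLED"

for conf in NO_NATT NATT CANCELLED; do
    printf '%s: %s\n' "$conf" "$(natt_kernel_status "$demo_dir/$conf")"
done
```

Pass your own kernel configuration file to natt_kernel_status; a result of "no-natt" means the kernel would be built without NAT-T support, the condition described in the quoted reply.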