Date: Mon, 23 Aug 2010 09:52:21 +0200
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: freebsd-net@FreeBSD.org
Subject: Re: IPsec support in FreeBSD
Message-ID: <20100823075221.GA93863@zeninc.net>
In-Reply-To: <86vd72nypn.fsf@chateau.d.if>
References: <86vd72nypn.fsf@chateau.d.if>
On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
> Hi,

Hi.

> I'm running 8.1-RELEASE on amd64.
>
> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from behind
> a NAT and I'm having strange issues working with it. IPsec negotiation
> succeeds but there are problems with sending traffic over the tunnel.

In fact, you're trying to set up an IPsec tunnel through a NAT, with
a userland probably compiled by default with NAT-T support, but a
kernel without NAT-T support according to your kernel configuration
file.

To have it work, first add "options IPSEC_NAT_T" to your kernel conf
file, compile / install it again.

Then install -HEAD version of ipsec-tools, as it is actually the only
one to be able to correctly send NAT-T PFkey extensions to the FreeBSD
kernel.

Then you'll have time to deal with other things such as racoon.conf or
filtering stuff :-)

Yvan.
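
A quick way to check a kernel configuration file for the mismatch described in the reply above (IPSEC built in, IPSEC_NAT_T missing). This is an added example, not part of the original message; the function names and status strings are made up for illustration, and quoted option values containing "," or "#" are not handled.

```shell
#!/bin/sh
# Added example: does a FreeBSD kernel config file enable a given option?
# Handles comments, "options A, B", "options A=val" and a later "nooptions A".
kernconf_has_option() {
    # $1 = kernel config file, $2 = option name
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 == "options" || $1 == "nooptions" {
            on = ($1 == "options")              # nooptions switches it off
            $1 = ""
            n = split($0, specs, ",")
            for (i = 1; i <= n; i++) {
                name = specs[i]
                gsub(/[ \t]/, "", name)         # trim whitespace
                sub(/=.*/, "", name)            # drop "=value"
                if (name == want) found = on    # last directive wins
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Prints one of: no-ipsec, ipsec-without-nat-t, nat-t
natt_status() {
    if ! kernconf_has_option "$1" IPSEC; then
        echo "no-ipsec"
    elif kernconf_has_option "$1" IPSEC_NAT_T; then
        echo "nat-t"
    else
        echo "ipsec-without-nat-t"
    fi
}

if [ "$#" -gt 0 ]; then
    natt_status "$1"
else
    # Constructed sample: IPSEC enabled, NAT-T missing (the case in the mail).
    sample=$(mktemp)
    printf 'options\tIPSEC\t# IP security\ndevice\tcrypto\n' > "$sample"
    natt_status "$sample"
    rm -f "$sample"
fi
```

Run it with the kernel configuration file the running kernel was built from as its only argument; "ipsec-without-nat-t" is the state the reply diagnoses.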