Date: Fri, 22 Jan 2010 18:52:47 -0500
From: Nat Howard <freebsd-stable@track.pupworks.com>
To: freebsd-stable@freebsd.org
Subject: IPSec NAT-T in transport mode
Message-ID: <B0B23035-26CD-45AE-96A0-D16957412C70@track.pupworks.com>

I'm very interested in this problem -- I want to run an L2TP server myself. Is anyone actually working on this? I might be able to chip in a few bucks...

But I'm not seeing bad checksums. Here's my setup:

    L2tp server A<---------------->B Freebsd NAT box C <-----------internal network----------->D my mac

Where should I be seeing the bad checksums? A, B, C, or D?

Looking only at B, I don't see any bad udp checksums, but I'm seeing a bunch of these (IP numbers changed to bracketed names):

    23:49:48.004107 IP (tos 0x0, ttl 64, id 52328, offset 0, flags [none], proto ICMP (1), length 56) [NAT Box] > [External Server] ICMP [NAT Box] udp port 58660 unreachable, length 36
        IP (tos 0x20, ttl 59, id 36320, offset 0, flags [none], proto UDP (17), length 143) [External Server].1701 > [NAT Box].58660: [|l2tp]