Hi VANHULLEBUS,

Ashish SHUKLA writes:
> VANHULLEBUS Yvan writes:
>> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>>> Hi,

>> Hi.

> Hi

>>> I'm running 8.1-RELEASE on amd64.
>>>
>>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from
>>> behind a NAT and I'm having strange issues working with it. IPsec
>>> negotiation succeeds but there are problems with sending traffic over
>>> the tunnel.

>> In fact, you're trying to set up an IPsec tunnel through a NAT, with
>> a userland probably compiled by default with NAT-T support, but a
>> kernel without NAT-T support according to your kernel configuration
>> file.

> Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to start
> sending packets? I can ssh into the boxen in tunnel network from my local PC
> just fine.

>> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
>> file, compile / install it again. Then install -HEAD version of
>> ipsec-tools, as it is actually the only one to be able to send
>> correctly NAT-T PFkey extensions to FreeBSD kernel.

> Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from the
> ipsec-tools SF project).

ipsec-tools needs a bit of patching[1] to make it work with 8.1-R. But it
worked, and no more need to do 'tcpdump'.

References:
[1] http://people.freebsd.org/~ashish/diffs/ipsec-tools.diff

Thanks
-- 
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“The sky above the port was the color of television, tuned to a dead
channel.” (William Gibson, "Neuromancer", 1984)