On Mar 8, 12:14pm, [email protected] (Frank Wille) wrote: -- Subject: Re: Simple IPSEC client with certificate - phase 1 time out
| Christos Zoulas wrote: | | >>| > If your server is behind NAT, I think that got broken at some point. | >>| | >>| Oh no! :( | >> | >>Yes, it is almost working... The tunnel is up, and 3 out of 4 SAD's are | >>present; the 4th one comes up as larval and then times out... | > | >And it is now fixed and tested on little endian. I have done no testing | >on big endian. I guess I could boot my sparc64 box and see if the extended | >rest made the hardware more reliable :-) | | Indeed. It is! Many thanks for your great work! Much appreciated. :) Great! | IPsec with Racoon behind NAT is confirmed to work now. Tested on macppc, so | there is no endian problem. | | Do we get a pullup for netbsd-7, and maybe netbsd-6? I asked for them just now. | BTW, my problem with setkey on macppc was caused by the missing swcrypto | pseudo device in the kernel. | | Our IPsec FAQ should mention that you need that, besides "option IPSEC". I | know that amd64, i386 and sparc64 have these enabled by default now, but no | other port has. URL? christos
