IPsec support in FreeBSD

VANHULLEBUS Yvan vanhu at FreeBSD.org
Mon Aug 23 08:09:00 UTC 2010

On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
> Hi,


> I'm running 8.1-RELEASE on amd64.
> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from behind
> a NAT and I'm having strange issues working with it. IPsec negotiation
> succeeds but there are problems with sending traffic over the tunnel.

In fact, you're trying to set up an IPsec tunnel through a NAT, with
an userland probably compiled by default with NAT-T support, but a
kernel without NAT-T support according to your kernel configuration

To have it work, first add "options IPSEC_NAT_T" to your kernel conf
file, compile / install it again. Then install -HEAD version of
ipsec-tools, as it is actually the only one to be able to send
correctly NAT-T PFkey extensions to FreeBSD kernel.

Then you'll have time to deal with other things such as racoon.conf or
filtering stuff :-)


More information about the freebsd-net mailing list