IPsec support in FreeBSD

Ashish SHUKLA ashish at FreeBSD.org
Mon Aug 23 13:03:44 UTC 2010


VANHULLEBUS Yvan writes:
> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>> Hi,

> Hi.

Hi

>> I'm running 8.1-RELEASE on amd64.
>> 
>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from behind
>> a NAT and I'm having strange issues working with it. IPsec negotiation
>> succeeds but there are problems with sending traffic over the tunnel.

> In fact, you're trying to set up an IPsec tunnel through a NAT, with
> a userland probably compiled by default with NAT-T support, but a
> kernel without NAT-T support according to your kernel configuration
> file.

Okay, right, I'll do it. But any ideas why doing a `tcpdump` causes it to start
sending packets? I can ssh into the boxen in tunnel network from my local PC
just fine.

> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
> file, compile / install it again. Then install the -HEAD version of
> ipsec-tools, as it is actually the only one able to correctly send
> NAT-T PFkey extensions to the FreeBSD kernel.

Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from the
ipsec-tools SF project).

Thanks for the reply
-- 
Ashish SHUKLA      | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“We are not an endangered species ourselves yet, but this is not for
lack of trying.” (Douglas Adams, "Last Chance to See", 1991)
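
Added example, not part of the original message or of FreeBSD or ipsec-tools: a shell check of whether a kernel configuration file enables `options IPSEC_NAT_T`, the setting the reply says is missing. The function names and sample configurations are constructed for illustration; the check assumes kernel config syntax with `#` comments, comma-separated `options` lists and `nooptions`, and it does not follow `include` lines.

```shell
#!/bin/sh
# Added example: report whether a FreeBSD kernel config file enables an option.
# Function names are hypothetical; "include" directives are not followed.

kernconf_has_option() {
    # $1 = kernel config file, $2 = option name (e.g. IPSEC_NAT_T)
    awk -v want="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "options" || $1 == "nooptions" {
            enable = ($1 == "options")
            $1 = ""
            n = split($0, items, ",")            # "options A, B=1" lists
            for (i = 1; i <= n; i++) {
                name = items[i]
                sub(/=.*/, "", name)             # drop "=value"
                gsub(/[ \t]/, "", name)
                if (name == want) found = enable # last directive wins
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

natt_report() {
    if kernconf_has_option "$1" IPSEC_NAT_T; then
        echo "$1: IPSEC_NAT_T enabled"
    else
        echo "$1: IPSEC_NAT_T missing, rebuild the kernel with it"
    fi
}

sample_conf() {
    # Constructed sample config, not the poster's; $1 = with | without
    echo 'ident   VPNBOX'
    echo 'options IPSEC            # IP security'
    if [ "$1" = with ]; then
        echo 'options IPSEC_NAT_T'
    else
        echo '#options IPSEC_NAT_T'
    fi
}

dir=$(mktemp -d)
sample_conf with > "$dir/NATT"
sample_conf without > "$dir/PLAIN"
natt_report "$dir/NATT"
natt_report "$dir/PLAIN"
rm -rf "$dir"
```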


More information about the freebsd-net mailing list