IPSec NAT-T in transport mode

VANHULLEBUS Yvan vanhu at FreeBSD.org
Wed Jan 20 13:23:28 UTC 2010


On Wed, Jan 20, 2010 at 03:16:02PM +0600, Rabidinov M.A. wrote:
> Hello, Freebsd-stable.

Hi.


> Does FreeBSD 8.0 support IPSec NAT-T in transport mode?
> I want to create a L2TP/IPSec server. My VPN clients are NATed.
> L2TP server (MPD5.x) makes tunnel, so I need working IPSec NAT-T in transport mode.
> Thanks a lot.

It may work..... or not....

The missing part is support of NAT-OA payloads, which are used to
update checksums when receiving packets.

For TCP, this is mandatory.
For UDP (so for L2TP), checksums of 0 are allowed, and of course not
checked, so the packet will go to its destination.

But afaik, most L2TP implementations compute checksums, so they
will be checked, and of course will be wrong....


Yvan.
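
The checksum behaviour described in the reply above, as an added example that is not part of the original message and is not FreeBSD code: the UDP checksum covers a pseudo-header containing the source address, and ESP protects the UDP header so the NAT device cannot patch it. All addresses and the payload are constructed sample values, and the receiver here simply verifies against the original address that a NAT-OA payload would carry, rather than rewriting the checksum in place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values (documentation address ranges, made-up payload). */
static const uint8_t CLIENT_PRIV[4] = {192, 168, 1, 10};  /* real source, what NAT-OA would carry */
static const uint8_t NAT_PUBLIC[4]  = {203, 0, 113, 5};   /* source the server sees after NAT */
static const uint8_t SERVER[4]      = {198, 51, 100, 1};
/* UDP 1701 -> 1701, length 12, checksum field zero, 4 payload bytes. */
static const uint8_t SEGMENT[12] = {0x06,0xa5, 0x06,0xa5, 0x00,0x0c, 0x00,0x00, 0xc8,0x02,0x00,0x0c};

static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte, zero padded */
    return sum;
}

/* One's-complement checksum over the IPv4 pseudo-header and the UDP segment.
 * A segment whose stored checksum is correct for (src, dst) yields 0. */
uint16_t udp_cksum(const uint8_t *src, const uint8_t *dst, const uint8_t *udp, size_t len) {
    const uint8_t ph[4] = {0, 17, (uint8_t)(len >> 8), (uint8_t)len};
    uint32_t s = sum16(udp, len, sum16(ph, 4, sum16(dst, 4, sum16(src, 4, 0))));
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Sender side: copy SEGMENT and fill in the checksum using the sender's own address. */
void build_segment(uint8_t out[12], const uint8_t *src, const uint8_t *dst) {
    memcpy(out, SEGMENT, 12);
    uint16_t c = udp_cksum(src, dst, out, 12);
    if (c == 0) c = 0xffff;                       /* 0 is reserved for "no checksum" */
    out[6] = (uint8_t)(c >> 8); out[7] = (uint8_t)c;
}

/* Receiver side: 1 = delivered, 0 = dropped. A zero checksum is not verified. */
int udp_accept(const uint8_t *src, const uint8_t *dst, const uint8_t *udp, size_t len) {
    if (udp[6] == 0 && udp[7] == 0) return 1;
    return udp_cksum(src, dst, udp, len) == 0;
}

int main(void) {
    uint8_t seg[12];
    build_segment(seg, CLIENT_PRIV, SERVER);  /* ESP protects this, so NAT cannot patch it */
    printf("checked against NAT address:    %d\n", udp_accept(NAT_PUBLIC, SERVER, seg, 12));
    printf("checked against NAT-OA address: %d\n", udp_accept(CLIENT_PRIV, SERVER, seg, 12));
    printf("zero checksum, NAT address:     %d\n", udp_accept(NAT_PUBLIC, SERVER, SEGMENT, 12));
    return 0;
}
```
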

