IPSec NAT-T in transport mode
Nat Howard
freebsd-stable at track.pupworks.com
Fri Jan 22 23:52:48 UTC 2010
I'm very interested in this problem -- I want to run an L2TP server myself. Is anyone actually working on this? I might be able to chip in a few bucks...
But I'm not seeing bad checksums. Here's my setup:
L2TP server A <----------------> B FreeBSD NAT box C <----------- internal network -----------> D my Mac
Where should I be seeing the bad checksums? A, B, C, or D?
Looking only at B, I don't see any bad UDP checksums, but I'm seeing a bunch of these (IP numbers changed to bracketed names):
23:49:48.004107 IP (tos 0x0, ttl 64, id 52328, offset 0, flags [none], proto ICMP (1), length 56) [NAT Box] > [External Server] ICMP [NAT Box] udp port 58660 unreachable, length 36
IP (tos 0x20, ttl 59, id 36320, offset 0, flags [none], proto UDP (17), length 143) [External Server].1701 > [NAT Box].58660: [|l2tp]