IPSec NAT-T in transport mode
zmiterby at gmail.com
Thu Apr 12 19:13:35 UTC 2012
Does FreeBSD 8.[0-4] support IPSec NAT-T in transport mode? Or it's
still in broken state?
I need to connect NATed VPN clients through L2TP/IPSec and seeing
nothing in mpd5 logs, but growing counters of bad checksums in udp packets.
After some research I found an opened kern/146190 with some sort of
solving the problem through disabling checksum validation, but it still
not work. Every incoming UDP encapsulated ESP packet toggles two
counters: udp no checksums (because of 0 value in every incoming packet
udp checksum) and udp bad checksums (hmmm..., I thought it shouldn't be
happen with a magic patch).
So, can anyone tell me is it possible to connect my NATed VPN clients
through L2TP/IPSec or it's impossible nowadays?
Thanks a lot.
More information about the freebsd-stable