IPSec NAT-T in transport mode
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Sat Jan 23 10:10:08 UTC 2010
On Fri, 22 Jan 2010, Nat Howard wrote:
> I'm very interested in this problem -- I want to run an L2TP server myself. Is anyone actually working on this? I might be able to chip in a few bucks...
>
> But I'm not seeing bad checksums. Here's my setup:
>
>
> L2tp server A<---------------->B Freebsd NAT box C <-----------internal network----------->D my mac
>
> Where should I be seeing the bad checksums? A, B, C, or D?
>
>
> Looking only at B, I don't see any bad udp checksums, but I'm seeing a bunch of these (IP numbers changed to bracketed names):
This doesn't say if you are using IPsec but I will assume so; that
would mean that your D "my mac" would initiate the connection and
the A node "L2tp server" would then be the other end. If that's a
FreeBSD box as well, you should check statistics there. The NAT
gateway in between has nothing to do with this, only the IPsec ends.
/bz
--
Bjoern A. Zeeb It will not break if you know what you are doing.
More information about the freebsd-stable mailing list