On Thu, Jun 26, 2008 at 04:09:00PM +0600, Daniil Harun wrote:
> Dear sirs!

Hi.

I forgot to reply to your private mail this morning, but it's still better to have the question and the answer on a public ML, it may be useful for other people.

> Sorry for my bad English! I ask to help me, if you have some spare time.
>
> I'm using the patch for support IPSEC NAT Traversal on FreeBSD 7.0. Will not
> work NAT-T with Windows XP in the real situation.
[....]
> But when the host is placed over NAT, everything stops working.
> After negotiates IKE and key additions to the database SA traffic does not
> pass. "tcpdump enc0" shows that traffic is decoded normally, but then he does
> not processed, packets discarded.
> Counters ipfw to rule 1 does not grow. At FreeBSD 6.2 I have the same problem
> (FAST_IPSEC or KAME IPSEC).

ESP transport with NAT-T may need NAT-OA support, which is not provided by the actual patch, nor by userland.

"may", because checksums (which need that NAT-OA payload to be correctly recomputed by the destination) are optional on UDP, and, afaik, L2TP is encapsulated in UDP datagrams.

Looks like XP sets the checksums for UDP datagrams.....

Yvan.

-- 
NETASQ
http://www.netasq.com
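Added example, not part of the original message or of the FreeBSD patch: a small Python model of the checksum problem described in the reply above. It builds an inner UDP datagram as the client behind NAT would, then verifies it the way the receiver does after ESP transport-mode decapsulation. The addresses (documentation ranges), the L2TP port 1701 and the payload are constructed sample values.

```python
import socket
import struct

# Constructed sample addresses (documentation / private ranges).
CLIENT_PRIVATE = "192.168.1.10"   # address the client used when it computed the checksum
NAT_PUBLIC = "203.0.113.5"        # source address the receiver sees after NAT
SERVER = "198.51.100.20"

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: the UDP checksum covers the IP addresses too."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src, dst, length) + hdr + payload)
    csum = csum or 0xFFFF  # 0 on the wire is reserved for "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def udp_checksum_ok(src: str, dst: str, datagram: bytes) -> bool:
    """Receiver-side check against the addresses it believes the packet has."""
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        return True  # checksum is optional for UDP over IPv4
    return ones_complement_sum(pseudo_header(src, dst, length) + datagram[:length]) == 0xFFFF

def demo() -> dict:
    # ESP protects the inner datagram, so the NAT device cannot fix its checksum.
    dgram = build_udp(CLIENT_PRIVATE, SERVER, 1701, 1701, b"constructed L2TP payload")
    no_csum = dgram[:6] + b"\x00\x00" + dgram[8:]
    return {
        "seen_after_nat": udp_checksum_ok(NAT_PUBLIC, SERVER, dgram),    # no NAT-OA
        "with_nat_oa": udp_checksum_ok(CLIENT_PRIVATE, SERVER, dgram),   # original address known
        "zero_checksum": udp_checksum_ok(NAT_PUBLIC, SERVER, no_csum),   # sender skipped checksum
    }

if __name__ == "__main__":
    print(demo())
```

A receiver without the original address drops the datagram with the checksum set, which matches the symptom of traffic being decrypted and then discarded; a sender that leaves the UDP checksum at zero is unaffected.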