Hi!

> > But when the host is placed over NAT, everything stops working.
> > After IKE negotiates and keys are added to the SA database, traffic does
> > not pass. "tcpdump enc0" shows that traffic is decoded normally, but then
> > it is not processed, packets are discarded.
> > Counters in ipfw for rule 1 do not grow. On FreeBSD 6.2 I have the same
> > problem (FAST_IPSEC or KAME IPSEC).
>
> ESP transport with NAT-T may need NAT-OA support, which is not
> provided by the actual patch, nor by userland.
>
> "may", because checksums (which need that NAT-OA payload to be
> correctly recomputed by the destination) are optional on UDP, and,
> afaik, L2TP is encapsulated in UDP datagrams.
>
> Looks like XP sets the checksums for UDP datagrams.....

In such a case, should this help: sysctl net.inet.udp.checksum=0 ?

--
Best regards,
Harun Daniil
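
The checksum problem discussed in this thread, as an added example (not code from the patch or from either poster): the UDP checksum covers a pseudo-header containing the IP addresses, so a datagram checksummed behind NAT fails verification against the translated source address and passes only against the original address, which is what NAT-OA conveys. The addresses, ports and payload are constructed sample values, and `receiver_check` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sum big-endian 16-bit words into a running ones-complement accumulator. */
static uint32_t sum16(uint32_t acc, const uint8_t *p, size_t n)
{
    for (; n > 1; p += 2, n -= 2)
        acc += (uint32_t)(p[0] << 8 | p[1]);
    if (n)
        acc += (uint32_t)p[0] << 8;   /* odd trailing byte, zero padded */
    return acc;
}

/* UDP checksum over the IPv4 pseudo-header (src, dst, proto 17, length) and the
 * segment. With the checksum field zeroed this is the value to store; over a
 * segment that already carries a valid checksum it returns 0. */
uint16_t udp_csum(const uint8_t src[4], const uint8_t dst[4],
                  const uint8_t *seg, size_t len)
{
    uint8_t ph[4] = { 0, 17, (uint8_t)(len >> 8), (uint8_t)len };
    uint32_t acc = sum16(sum16(sum16(sum16(0, src, 4), dst, 4), ph, 4), seg, len);
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Constructed sample addresses (assumptions, not taken from the thread). */
static const uint8_t PRIV[4] = { 192, 168, 1, 10 };  /* client's real address (NAT-OA) */
static const uint8_t PUB[4]  = { 203, 0, 113, 5 };   /* source seen after NAT */
static const uint8_t SRV[4]  = { 198, 51, 100, 1 };  /* server address */

/* Sender checksums a 1701 -> 1701 datagram pre-NAT; receiver verifies with seen_src. */
uint16_t receiver_check(const uint8_t seen_src[4])
{
    uint8_t seg[12] = { 0x06, 0xa5, 0x06, 0xa5, 0x00, 0x0c, 0, 0, 'l', '2', 't', 'p' };
    uint16_t c = udp_csum(PRIV, SRV, seg, sizeof seg);  /* filled in before NAT */
    seg[6] = (uint8_t)(c >> 8);
    seg[7] = (uint8_t)c;
    return udp_csum(seen_src, SRV, seg, sizeof seg);     /* 0 means "valid" */
}

int main(void)
{
    printf("verify with original (NAT-OA) address: 0x%04x\n", receiver_check(PRIV));
    printf("verify with translated address:        0x%04x\n", receiver_check(PUB));
    return 0;
}
```

A checksum field of zero in UDP over IPv4 means the sender computed no checksum, in which case the receiver has nothing to verify against the pseudo-header.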