VANHULLEBUS Yvan writes:
> On Mon, Aug 23, 2010 at 02:37:16AM +0530, Ashish SHUKLA wrote:
>> Hi,

> Hi.

Hi

>> I'm running 8.1-RELEASE on amd64.
>>
>> I'm connecting to an IPsec VPN (IPv4, dynamic keying using racoon) from
>> behind a NAT and I'm having strange issues working with it. IPsec negotiation
>> succeeds but there are problems with sending traffic over the tunnel.

> In fact, you're trying to set up an IPsec tunnel through a NAT, with
> a userland probably compiled by default with NAT-T support, but a
> kernel without NAT-T support according to your kernel configuration
> file.

Okay, right I'll do it. But any ideas why doing a `tcpdump` causes it to start sending packets? I can ssh into the boxen in tunnel network from my local PC just fine.

> To have it work, first add "options IPSEC_NAT_T" to your kernel conf
> file, compile / install it again. Then install -HEAD version of
> ipsec-tools, as it is actually the only one to be able to send
> correctly NAT-T PFkey extensions to FreeBSD kernel.

Okay, I'll install with IPSEC_NAT_T and install HEAD of ipsec-tools (from the ipsec-tools SF project).

Thanks for the reply

-- 
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/

“We are not an endangered species ourselves yet, but this is not for lack of trying.” (Douglas Adams, "Last Chance to See", 1991)