Hi. On Thu, Jan 21, 2010 at 04:36:12PM +0000, David Murray wrote: [...] > On 2010-01-20 Wed 1:22 pm, Crest wrote: > > >Yes the NAT-T Patch has been integrated into FreeBSD 8.0. > > > >Just rebuild your kernel with this options: > >device crypto # IPsec depends on this > >options IPSEC > >options IPSEC_DEBUG > >options IPSEC_NAT_T > > I'm trying to do the same thing as the OP, so thanks for these replies. > > However, they seem to be at odds. Are we saying that the NAT-T patch is > there, but is missing checksum re-calculation, so MPD's packets are > going to be discarded?
Yes, see my other mail in this thread. > (FWIW, this seems to be what happens. All the negotiation to set up > IPSEC SAs happens, but MPD's log never shows a single entry. I hadn't > got as far as packet dumps when this thread popped up.) And if you have a look at system stats, you'll see lots of UDP packets dropped because of invalid checksums.... Yvan. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
