Hi Yvan,
On 10-01-22 Fri 5:15 pm, David Murray wrote:
On 10-01-22 Fri 1:19 pm, VANHULLEBUS Yvan wrote:
On Thu, Jan 21, 2010 at 04:36:12PM +0000, David Murray wrote:
On 2010-01-20 Wed 1:22 pm, Crest wrote:
Yes the NAT-T Patch has been integrated into FreeBSD 8.0.
Are we saying that the NAT-T patch is there, but is missing checksum
re-calculation, so MPD's packets are going to be discarded?
Yes, see my other mail in this thread.
(FWIW, this seems to be what happens. All the negotiation to set up
IPSEC SAs happens, but MPD's log never shows a single entry. I
hadn't got as far as packet dumps when this thread popped up.)
And if you have a look at system stats, you'll see lots of UDP
packets dropped because of invalid checksums....
Actually, I find that each attempt to connect causes netstat -s -p udp
to show a few UDP packets arriving and being dropped due to no socket,
rather than bad checksums, so maybe I've got some other sort of
problem with my mpd config, which I'll look into.
Ah, yes, I'd forgotten that my external IP address had changed since I
last tried this, so I needed to restart racoon and ipsec.
So now, like you say, I see UDP packets dropped due to bad checksums.
I'll have a look at the NAT-T RFQs just in case support for NAT-OA
payloads is something I could help with, but I suspect it'll need an
in-depth knowledge of the IP stack.
Thanks!
--
David Murray
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
