Much obliged for the answer, Bjoern, but I don't follow your logic -- If the NAT-T implementation on the L2TP Server (a freebsd box) is broken, wouldn't it be the one generating things with the wrong checksum? If that's so, then surely the point "A" wouldn't record seeing any incoming checksum errors, as they would all be outgoing packets, correct?
Thanks for helping to shed light on this puzzle! On Jan 23, 2010, at 5:09 AM, Bjoern A. Zeeb wrote: > On Fri, 22 Jan 2010, Nat Howard wrote: > >> I'm very interested in this problem -- I want to run an L2TP server myself. >> Is anyone actually working on this? I might be able to chip in a few >> bucks... >> >> But I'm not seeing bad checksums. Here's my setup: >> >> >> L2tp server A<---------------->B Freebsd NAT box C <-----------internal >> network----------->D my mac >> >> Where should I be seeing the bad checksums? A, B, C, or D? >> >> >> Looking only at B, I don't see any bad udp checksums, but I'm seeing a bunch >> of these (IP numbers changed to bracketed names): > > This doesn't say if you are using IPsec but I will asume so, that > would mean that you D "my mac" would initiate the connection and > the A node "L2tp server" would then be the other end. If that's a > FreeBSD box as well, you should check statistics there. The NAT > gateway in between has nothing to do with this, only the IPsec ends. > > /bz > > -- > Bjoern A. Zeeb It will not break if you know what you are doing. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
