> Do you think that I must disable AH in sysctl.conf? > > net.inet.ah.enable=0 > > Only this? I can't try this now because I'm not at office. I'll try it > tomorow... > Thanks, > Helio.
> Yes, you can use that setting to disable AH. Also, you need to make > sure that your NAT routers are forwarding port 500 for isakmpd traffic > to the openbsd computers. Thanks. I'm sure that my router forward all the traffic received on port 500 from internet to the OpenBSD because when I make a tcpdump listening on my OBSD external interface (with -i ne3 udp port 500), I see there is incoming traffic... Do you really think that if I disable AH in sysctl.conf will be enough?... :) Cheers, Helio.
