IPSec connection troubles

2010-02-11 Thread Denis Antrushin
Hello, I'm trying to establish an IPSec connection between FreeBSD and Solaris boxes. I use FreeBSD 8-STABLE (don't recall the exact checkout date, but it contains the recent IPComp fixes for sure). Since I'm behind NAT, I compiled a 0.8alpha snapshot of ipsec-tools from their site. racoon config looks like

Re: IPSec connection troubles

2010-02-11 Thread Denis Antrushin
On 02/11/10 15:55, Bjoern A. Zeeb wrote: On Thu, 11 Feb 2010, VANHULLEBUS Yvan wrote: How can I further debug this problem? You can check on the responder that you have lots of TCP checksum errors, which will confirm that you would need support for the NAT-OA extension of the NAT-T RFC, as you want to d

Re: IPSec connection troubles

2010-02-23 Thread Denis Antrushin
On 02/11/10 15:55, Bjoern A. Zeeb wrote: On Thu, 11 Feb 2010, VANHULLEBUS Yvan wrote: How can I further debug this problem? You can check on the responder that you have lots of TCP checksum errors, which will confirm that you would need support for the NAT-OA extension of the NAT-T RFC, as you want to d

Re: IPSec connection troubles

2010-02-23 Thread Denis Antrushin
On 02/23/10 15:21, VANHULLEBUS Yvan wrote: On Tue, Feb 23, 2010 at 02:10:23PM +0300, Denis Antrushin wrote: [...] ipsec-tools understands the NAT-OA payload in the IKE exchange, but then simply discards it and does not send this information to the kernel. In the ipsec-tools mailing list archives I found mention

Re: Is this correct?

2010-03-23 Thread Denis Antrushin
On 03/19/10 14:53, Ermal Luçi wrote: Shouldn't this check be `if (m->m_len > sizeof (struct ip)) {` instead of `if (m->m_len < sizeof (struct ip)) {` in http://fxr.watson.org/fxr/source/netipsec/ipsec.c?im=excerpts#L595 You're right (only '>' should be '>=' here, perhaps?). This change fixed

Re: IPSec NAT-T patch for FreeBSD 7.3

2010-03-24 Thread Denis Antrushin
On 03/24/10 10:14, Oleg Fedorov wrote: Does some IPSec NAT-T patch exist for FreeBSD 7.3? There is a patch for 7.2 here: http://people.freebsd.org/~vanhu/NAT-T/ This short thread is also worth reading: http://www.mail-archive.com/freebsd-net@freebsd.org/msg30675.html (ipsec-tools 0.7.3 is broke