Date: Sat, 23 Jan 2010 13:03:49 -0500
From: Nat Howard <freebsd-stable@track.pupworks.com>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: IPSec NAT-T in transport mode
Message-ID: <54E2892F-3F65-473E-9660-D2E8276E631B@track.pupworks.com>
In-Reply-To: <20100123100713.X50938@maildrop.int.zabbadoz.net>
References: <B0B23035-26CD-45AE-96A0-D16957412C70@track.pupworks.com> <20100123100713.X50938@maildrop.int.zabbadoz.net>

Much obliged for the answer, Bjoern, but I don't follow your logic --
If the NAT-T implementation on the L2TP Server (a freebsd box) is broken, wouldn't it be the one generating things with the wrong checksum? If that's so, then surely the point "A" wouldn't record seeing any incoming checksum errors, as they would all be outgoing packets, correct?

Thanks for helping to shed light on this puzzle!

On Jan 23, 2010, at 5:09 AM, Bjoern A. Zeeb wrote:

> On Fri, 22 Jan 2010, Nat Howard wrote:
>
>> I'm very interested in this problem -- I want to run an L2TP server myself. Is anyone actually working on this? I might be able to chip in a few bucks...
>>
>> But I'm not seeing bad checksums. Here's my setup:
>>
>>
>> L2tp server A<---------------->B Freebsd NAT box C <-----------internal network----------->D my mac
>>
>> Where should I be seeing the bad checksums? A, B, C, or D?
>>
>>
>> Looking only at B, I don't see any bad udp checksums, but I'm seeing a bunch of these (IP numbers changed to bracketed names):
>
> This doesn't say if you are using IPsec but I will assume so, that
> would mean that your D "my mac" would initiate the connection and
> the A node "L2tp server" would then be the other end. If that's a
> FreeBSD box as well, you should check statistics there. The NAT
> gateway in between has nothing to do with this, only the IPsec ends.
>
> /bz
>
> --
> Bjoern A. Zeeb It will not break if you know what you are doing.