Date: Wed, 20 Jan 2010 14:04:24 +0100
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: "Rabidinov M.A." <tuxper@mail.ru>
Cc: freebsd-stable@freebsd.org
Subject: Re: IPSec NAT-T in transport mode
Message-ID: <20100120130424.GA44272@zeninc.net>
In-Reply-To: <659350866.20100120151602@mail.ru>
References: <659350866.20100120151602@mail.ru>

On Wed, Jan 20, 2010 at 03:16:02PM +0600, Rabidinov M.A. wrote:
> Hello, Freebsd-stable.

Hi.

> Does FreeBSD 8.0 support IPSec NAT-T in transport mode?
> I want to create a L2TP/IPSec server. My VPN clients are NATed.
> L2TP server (MPD5.x) makes tunnel, so I need working IPSec NAT-T in transport mode.
> Thanks a lot.

It may work..... or not....

The missing part is support of NAT-OA payloads, which are used to update checksums when receiving packets.

For TCP, this is mandatory.

For UDP (so for L2TP), checksums of 0 are allowed, and of course not checked, so the packet will go to its destination.

But afaik, most L2TP implementations compute checksums, so they will be checked, and of course will be wrong....

Yvan.
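The checksum problem described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code. The addresses, ports, payload and function names are constructed for illustration, and the RFC 1624 incremental update is assumed here as one way a receiver could apply the original address carried in NAT-OA.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of big-endian 16-bit words (not inverted)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _covered(src, dst, sport, dport, payload, csum):
    """Bytes covered by the UDP checksum: IPv4 pseudo-header, UDP header, payload."""
    length = 8 + len(payload)
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 17, length))
    return pseudo + struct.pack("!HHHH", sport, dport, length, csum) + payload

def udp_checksum(src, dst, sport, dport, payload):
    csum = ~ones_sum(_covered(src, dst, sport, dport, payload, 0)) & 0xFFFF
    return csum or 0xFFFF  # 0 on the wire means "no checksum", so send 0xFFFF

def receiver_accepts(src, dst, sport, dport, payload, csum):
    # csum == 0 means the sender computed no checksum, so nothing is verified.
    return csum == 0 or ones_sum(_covered(src, dst, sport, dport, payload, csum)) == 0xFFFF

def fix_with_nat_oa(csum, original_src, seen_src):
    """RFC 1624 incremental update: swap original_src for seen_src in the sum."""
    old = ones_sum(ipaddress.IPv4Address(original_src).packed)
    new = ones_sum(ipaddress.IPv4Address(seen_src).packed)
    fixed = ~ones_sum(struct.pack("!HHH", ~csum & 0xFFFF, ~old & 0xFFFF, new)) & 0xFFFF
    return fixed or 0xFFFF

# Constructed sample values (documentation address ranges, L2TP on UDP 1701).
CLIENT_PRIVATE, NAT_PUBLIC, SERVER = "192.0.2.10", "198.51.100.7", "203.0.113.1"
PAYLOAD = b"constructed L2TP control message"

def demo():
    sent = udp_checksum(CLIENT_PRIVATE, SERVER, 1701, 1701, PAYLOAD)
    # ESP hides the UDP header from the NAT: `sent` arrives unchanged, source is NAT_PUBLIC.
    return {
        "no_nat_oa": receiver_accepts(NAT_PUBLIC, SERVER, 1701, 1701, PAYLOAD, sent),
        "zero_checksum": receiver_accepts(NAT_PUBLIC, SERVER, 1701, 1701, PAYLOAD, 0),
        "with_nat_oa": receiver_accepts(NAT_PUBLIC, SERVER, 1701, 1701, PAYLOAD,
                                        fix_with_nat_oa(sent, CLIENT_PRIVATE, NAT_PUBLIC)),
    }

if __name__ == "__main__":
    print(demo())
```

The `no_nat_oa` result is the failure mode for L2TP peers that compute UDP checksums, and `zero_checksum` is the case where the packet still gets through.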