From: David Murray
To: freebsd-stable@freebsd.org
Date: Fri, 22 Jan 2010 17:15:21 +0000
Subject: Re: IPSec NAT-T in transport mode

Hi Yvan,

On 10-01-22 Fri 1:19 pm, VANHULLEBUS Yvan wrote:
> On Thu, Jan 21, 2010 at 04:36:12PM +0000, David Murray wrote:
>
>> On 2010-01-20 Wed 1:22 pm, Crest wrote:
>>
>>> Yes the NAT-T Patch has been integrated into FreeBSD 8.0.
>>
>> Are we saying that the NAT-T patch is there, but is missing checksum
>> re-calculation, so MPD's packets are going to be discarded?
>
> Yes, see my other mail in this thread.
>
>
>> (FWIW, this seems to be what happens. All the negotiation to set up
>> IPSEC SAs happens, but MPD's log never shows a single entry. I hadn't
>> got as far as packet dumps when this thread popped up.)
>
> And if you have a look at system stats, you'll see lots of UDP packets
> dropped because of invalid checksums....

Thanks for taking the time to reply. Actually, I find that each attempt
to connect causes netstat -s -p udp to show a few UDP packets arriving
and being dropped due to no socket, rather than bad checksums, so maybe
I've got some other sort of problem with my mpd config, which I'll look
into.

--
David Murray