Date:      Fri, 22 Jan 2010 17:15:21 +0000
From:      David Murray <david000@davidmurray.name>
To:        freebsd-stable@freebsd.org
Subject:   Re: IPSec NAT-T in transport mode
Message-ID:  <4B59DD29.6020607@davidmurray.name>
In-Reply-To: <20100122131937.GA50007@zeninc.net>
References:  <659350866.20100120151602@mail.ru> <4B5703A3.6010507@cyb0rg.org>	<hj9vps$dnm$1@ger.gmane.org> <20100122131937.GA50007@zeninc.net>

Hi Yvan,

On 10-01-22 Fri 1:19 pm, VANHULLEBUS Yvan wrote:

> On Thu, Jan 21, 2010 at 04:36:12PM +0000, David Murray wrote:
>
>> On 2010-01-20 Wed 1:22 pm, Crest wrote:
>>
>>> Yes the NAT-T Patch has been integrated into FreeBSD 8.0.
>>
>> Are we saying that the NAT-T patch is there, but is missing checksum 
>> re-calculation, so MPD's packets are going to be discarded?
>
> Yes, see my other mail in this thread.
>
>
>> (FWIW, this seems to be what happens. All the negotiation to set up 
>> IPSEC SAs happens, but MPD's log never shows a single entry. I hadn't 
>> got as far as packet dumps when this thread popped up.)
>
> And if you have a look at system stats, you'll see lots of UDP packets 
> dropped because of invalid checksums....

Thanks for taking the time to reply.

Actually, I find that each attempt to connect causes netstat -s -p udp 
to show a few UDP packets arriving and being dropped due to no socket, 
rather than bad checksums, so maybe I've got some other sort of problem 
with my mpd config, which I'll look into.


-- 
David Murray
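
Added example, not part of the original message: a way to tell the two failure modes discussed in this thread apart by comparing `netstat -s -p udp` snapshots taken before and after a connection attempt. The function names and the sample snapshots are constructed for illustration; only the two counter labels come from FreeBSD's output.

```shell
#!/bin/sh
# Added example: compare two snapshots of `netstat -s -p udp` output.
# The snapshots below are constructed sample data, not output from the thread.

SAMPLE_BEFORE='udp:
        120 datagrams received
        0 with bad checksum
        4 dropped due to no socket
        116 delivered'

SAMPLE_AFTER='udp:
        123 datagrams received
        0 with bad checksum
        7 dropped due to no socket
        116 delivered'

# udp_counter TEXT LABEL: print the number in front of LABEL, or 0 if absent.
udp_counter() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label) && $1 ~ /^[0-9]+$/ { print $1; found = 1; exit }
        END { if (!found) print 0 }'
}

# classify_udp_drops BEFORE AFTER: report which drop counter grew.
classify_udp_drops() {
    bad=$(( $(udp_counter "$2" "with bad checksum") - $(udp_counter "$1" "with bad checksum") ))
    nosock=$(( $(udp_counter "$2" "dropped due to no socket") - $(udp_counter "$1" "dropped due to no socket") ))
    if [ "$bad" -gt 0 ] && [ "$nosock" -gt 0 ]; then
        kind=both
    elif [ "$bad" -gt 0 ]; then
        kind=bad-checksum
    elif [ "$nosock" -gt 0 ]; then
        kind=no-socket
    else
        kind=none
    fi
    echo "$kind bad_checksum=$bad no_socket=$nosock"
}

# Live use on FreeBSD: before=$(netstat -s -p udp); retry the connection;
# after=$(netstat -s -p udp); classify_udp_drops "$before" "$after"
classify_udp_drops "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

These counters are system-wide, so unrelated UDP traffic arriving between the two snapshots is included in the deltas.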