netbsd-users: Re: 3.1_stable panics with ipnat and isakmp proxy

Subject: Re: 3.1_stable panics with ipnat and isakmp proxy
To: Louis Guillaume <lguillaume@berklee.edu>
From: Matthias Scheler <tron@zhadum.org.uk>
List: netbsd-users
Date: 01/23/2007 12:07:03

On Mon, Jan 22, 2007 at 06:25:56PM -0500, Louis Guillaume wrote:
> ipnat.conf file contains this:
> 
> map sip1 192.168.1.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
> 
> ... without this line there is no connecting to the VPN in question.

Are you sure about that? Cisco VPN clients usually support NAT-T (RFC 3948)
which encapsulates all IPsec traffic in UDP. They don't need any
"VPN passthrough" support in the NAT router.

I would recomment to check the configuration of the Cisco VPN client
and enable UDP tunneling.

BTW: would you please nevertheless submit a bug report with "send-pr"
     because of the kernel panic?

	Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/