Re: Simple IPSEC client with certificate - phase 1 time out

[christos%zoulas.com@localhost (Christos Zoulas)]

On Mar 8, 12:14pm, frank%phoenix.owl.de@localhost (Frank Wille) wrote:
-- Subject: Re: Simple IPSEC client with certificate - phase 1 time out

| Christos Zoulas wrote:
| 
| >>| > If your server is behind NAT, I think that got broken at some point.
| >>| 
| >>| Oh no! :(
| >>
| >>Yes, it is almost working... The tunnel is up, and 3 out of 4 SAD's are
| >>present; the 4th one comes up as larval and then times out... 
| >
| >And it is now fixed and tested on little endian. I have done no testing
| >on big endian. I guess I could boot my sparc64 box and see if the extended
| >rest made the hardware more reliable :-)
| 
| Indeed. It is! Many thanks for your great work! Much appreciated. :)

Great!

| IPsec with Racoon behind NAT is confirmed to work now. Tested on macppc, so
| there is no endian problem.
| 
| Do we get a pullup for netbsd-7, and maybe netbsd-6?

I asked for them just now.

| BTW, my problem with setkey on macppc was caused by the missing swcrypto
| pseudo device in the kernel.
| 
| Our IPsec FAQ should mention that you need that, besides "option IPSEC". I
| know that amd64, i386 and sparc64 have these enabled by default now, but no
| other port has.

URL?

christos