Re: Simple IPSEC client with certificate - phase 1 time out

To: Christos Zoulas <christos%zoulas.com@localhost>, NetBSD User Maillist <netbsd-users%netbsd.org@localhost>
Subject: Re: Simple IPSEC client with certificate - phase 1 time out
From: Frank Wille <frank%phoenix.owl.de@localhost>
Date: Tue, 08 Mar 2016 12:14:10 +0100

Christos Zoulas wrote:

>>| > If your server is behind NAT, I think that got broken at some point.
>>| 
>>| Oh no! :(
>>
>>Yes, it is almost working... The tunnel is up, and 3 out of 4 SAD's are
>>present; the 4th one comes up as larval and then times out... 
>
>And it is now fixed and tested on little endian. I have done no testing
>on big endian. I guess I could boot my sparc64 box and see if the extended
>rest made the hardware more reliable :-)

Indeed. It is! Many thanks for your great work! Much appreciated. :)

IPsec with Racoon behind NAT is confirmed to work now. Tested on macppc, so
there is no endian problem.

Do we get a pullup for netbsd-7, and maybe netbsd-6?

BTW, my problem with setkey on macppc was caused by the missing swcrypto
pseudo device in the kernel.

Our IPsec FAQ should mention that you need that, besides "option IPSEC". I
know that amd64, i386 and sparc64 have these enabled by default now, but no
other port has.

-- 
Frank Wille

Follow-Ups:
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Greg Troxel
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Christos Zoulas

References:
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Frank Wille
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Christos Zoulas

Prev by Date: Re: wireless WPA disconnection issues
Next by Date: Re: Simple IPSEC client with certificate - phase 1 time out
Previous by Thread: Re: Simple IPSEC client with certificate - phase 1 time out
Next by Thread: Re: Simple IPSEC client with certificate - phase 1 time out
Indexes:

Home | Main Index | Thread Index | Old Index