Thanks for your reply. But I still have a few misunderstandings.
I can't get my installation to work properly with NAT-T. Without NAT on my ADSL connections everything works fine, but when I go through my Wi-Fi with NAT it won't work.
I applied the patch.
System rebuilt with world:
Code:
FreeBSD test 10.1-STABLE FreeBSD 10.1-STABLE #6 r280344M: Sun Mar 22 21:24:06 EET 2015 root@test:/usr/obj/usr/src/sys/current amd64
My additional kernel options:
Code:
options		IPSEC
options		IPSEC_DEBUG
device		crypto
options		IPSEC_NAT_T
device		enc
device		pf
device		pflog
device		pfsync
options		ALTQ
options		ALTQ_CBQ # Class Based Queuing (CBQ)
options		ALTQ_RED # Random Early Detection (RED)
options		ALTQ_RIO # RED In/Out
options		ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options		ALTQ_PRIQ # Priority Queuing (PRIQ)
options		ALTQ_CDNR
options		ALTQ_NOPCC # Required for SMP build
options		NETGRAPH
options		NETGRAPH_ETHER
options		NETGRAPH_SOCKET
options		NETGRAPH_TEE
options		NETGRAPH_MPPC_ENCRYPTION
options		NETGRAPH_MPPC_COMPRESSION
options		NETGRAPH_BPF
options		NETGRAPH_IFACE
options		NETGRAPH_KSOCKET
options		NETGRAPH_PPP
options		NETGRAPH_PPTPGRE
options		NETGRAPH_TCPMSS
options		NETGRAPH_VJC
options		NETGRAPH_ONE2MANY
options		NETGRAPH_RFC1490
options		NETGRAPH_TEE
options		NETGRAPH_TTY
options		NETGRAPH_UI
My log file. First part (NAT, NO_NAT) is identical; in the second part (NO_NAT) the connection is established.
Code:
Mar 22 17:50:37 14[ENC] <1> parsed ID_PROT request 0 [ ID HASH ]
Mar 22 17:50:37 14[CFG] <1> looking for pre-shared key peer configs matching x.x.x.x...y.y.y.y[192.168.1.20]
Mar 22 17:50:37 14[CFG] <1> selected peer config "L2TP/IPsec-PSK"
Mar 22 17:50:37 14[IKE] <L2TP/IPsec-PSK|1> IKE_SA L2TP/IPsec-PSK[1] established between x.x.x.x[x.x.x.x]...y.y.y.y[192.168.1.20]
Mar 22 17:50:37 14[IKE] <L2TP/IPsec-PSK|1> scheduling reauthentication in 10240s
Mar 22 17:50:37 14[IKE] <L2TP/IPsec-PSK|1> maximum IKE_SA lifetime 10780s
Mar 22 17:50:37 14[ENC] <L2TP/IPsec-PSK|1> generating ID_PROT response 0 [ ID HASH ]
Mar 22 17:50:37 14[NET] <L2TP/IPsec-PSK|1> sending packet: from x.x.x.x[4500] to y.y.y.y[4500] (76 bytes)
Mar 22 17:50:37 15[NET] <L2TP/IPsec-PSK|1> received packet: from y.y.y.y[4500] to x.x.x.x[4500] (332 bytes)
Mar 22 17:50:37 15[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 22 17:50:37 15[IKE] <L2TP/IPsec-PSK|1> received 250000000 lifebytes, configured 0
Mar 22 17:50:37 15[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 22 17:50:37 15[NET] <L2TP/IPsec-PSK|1> sending packet: from x.x.x.x[4500] to y.y.y.y[4500] (204 bytes)
Mar 22 17:50:37 15[NET] <L2TP/IPsec-PSK|1> received packet: from y.y.y.y[4500] to x.x.x.x[4500] (60 bytes)
Mar 22 17:50:37 15[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH ]
Mar 22 17:50:37 15[IKE] <L2TP/IPsec-PSK|1> CHILD_SA L2TP/IPsec-PSK{1} established with SPIs c8f95a4c_i 4bffdc99_o and TS x.x.x.x/32[udp/l2f] === y.y.y.y/32[udp/l2f]
Mar 22 17:51:12 14[NET] <L2TP/IPsec-PSK|1> received packet: from y.y.y.y[4500] to x.x.x.x[4500] (76 bytes)
Mar 22 17:51:12 14[ENC] <L2TP/IPsec-PSK|1> parsed INFORMATIONAL_V1 request 1219894490 [ HASH D ]
Mar 22 17:51:12 14[IKE] <L2TP/IPsec-PSK|1> received DELETE for ESP CHILD_SA with SPI 4bffdc99
Mar 22 17:51:12 14[IKE] <L2TP/IPsec-PSK|1> closing CHILD_SA L2TP/IPsec-PSK{1} with SPIs c8f95a4c_i (774 bytes) 4bffdc99_o (0 bytes) and TS x.x.x.x/32[udp/l2f] === y.y.y.y/32[udp/l2f]
Mar 22 17:51:12 10[NET] <L2TP/IPsec-PSK|1> received packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
Mar 22 17:51:12 10[ENC] <L2TP/IPsec-PSK|1> parsed INFORMATIONAL_V1 request 1641099219 [ HASH D ]
Mar 22 17:51:12 10[IKE] <L2TP/IPsec-PSK|1> received DELETE for IKE_SA L2TP/IPsec-PSK[1]
Mar 22 17:51:12 10[IKE] <L2TP/IPsec-PSK|1> deleting IKE_SA L2TP/IPsec-PSK[1] between x.x.x.x[x.x.x.x]...y.y.y.y[192.168.1.20]
###################################################
###################################################
Mar 22 18:02:17 10[NET] <2> received packet: from y.y.y.y[500] to x.x.x.x[500] (384 bytes)
Mar 22 18:02:17 10[ENC] <2> parsed ID_PROT request 0 [ SA V V V V V V V ]
Mar 22 18:02:17 10[IKE] <2> received MS NT5 ISAKMPOAKLEY vendor ID
Mar 22 18:02:17 10[IKE] <2> received NAT-T (RFC 3947) vendor ID
Mar 22 18:02:17 10[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 22 18:02:17 10[IKE] <2> received FRAGMENTATION vendor ID
Mar 22 18:02:17 10[ENC] <2> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Mar 22 18:02:17 10[ENC] <2> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Mar 22 18:02:17 10[ENC] <2> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Mar 22 18:02:17 10[IKE] <2> y.y.y.y is initiating a Main Mode IKE_SA
Mar 22 18:02:17 10[ENC] <2> generating ID_PROT response 0 [ SA V V V ]
Mar 22 18:02:17 10[NET] <2> sending packet: from x.x.x.x[500] to y.y.y.y[500] (136 bytes)
Mar 22 18:02:17 10[NET] <2> received packet: from y.y.y.y[500] to x.x.x.x[500] (228 bytes)
Mar 22 18:02:17 10[ENC] <2> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 22 18:02:17 10[ENC] <2> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar 22 18:02:17 10[NET] <2> sending packet: from x.x.x.x[500] to y.y.y.y[500] (212 bytes)
Mar 22 18:02:17 10[NET] <2> received packet: from y.y.y.y[500] to x.x.x.x[500] (76 bytes)
Mar 22 18:02:17 10[ENC] <2> parsed ID_PROT request 0 [ ID HASH ]
Mar 22 18:02:17 10[CFG] <2> looking for pre-shared key peer configs matching x.x.x.x...y.y.y.y[y.y.y.y]
Mar 22 18:02:17 10[CFG] <2> selected peer config "L2TP/IPsec-PSK"
Mar 22 18:02:17 10[IKE] <L2TP/IPsec-PSK|2> IKE_SA L2TP/IPsec-PSK[2] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Mar 22 18:02:17 10[IKE] <L2TP/IPsec-PSK|2> scheduling reauthentication in 10161s
Mar 22 18:02:17 10[IKE] <L2TP/IPsec-PSK|2> maximum IKE_SA lifetime 10701s
Mar 22 18:02:17 10[ENC] <L2TP/IPsec-PSK|2> generating ID_PROT response 0 [ ID HASH ]
Mar 22 18:02:17 10[NET] <L2TP/IPsec-PSK|2> sending packet: from x.x.x.x[500] to y.y.y.y[500] (76 bytes)
Mar 22 18:02:17 13[NET] <L2TP/IPsec-PSK|2> received packet: from y.y.y.y[500] to x.x.x.x[500] (316 bytes)
Mar 22 18:02:17 13[ENC] <L2TP/IPsec-PSK|2> parsed QUICK_MODE request 1 [ HASH SA No ID ID ]
Mar 22 18:02:17 13[IKE] <L2TP/IPsec-PSK|2> received 250000000 lifebytes, configured 0
Mar 22 18:02:17 13[ENC] <L2TP/IPsec-PSK|2> generating QUICK_MODE response 1 [ HASH SA No ID ID ]
Mar 22 18:02:17 13[NET] <L2TP/IPsec-PSK|2> sending packet: from x.x.x.x[500] to y.y.y.y[500] (188 bytes)
Mar 22 18:02:17 13[NET] <L2TP/IPsec-PSK|2> received packet: from y.y.y.y[500] to x.x.x.x[500] (60 bytes)
Mar 22 18:02:17 13[ENC] <L2TP/IPsec-PSK|2> parsed QUICK_MODE request 1 [ HASH ]
Mar 22 18:02:17 13[IKE] <L2TP/IPsec-PSK|2> CHILD_SA L2TP/IPsec-PSK{2} established with SPIs c89b837b_i 95b272f6_o and TS x.x.x.x/32[udp/l2f] === y.y.y.y/32[udp/l2f]
Mar 22 18:02:18 13[KNL] interface ng0 appeared
Mar 22 18:02:18 13[IKE] <L2TP/IPsec-PSK|2> old path is not available anymore, try to find another
Mar 22 18:02:18 13[IKE] <L2TP/IPsec-PSK|2> looking for a route to y.y.y.y ...
Mar 22 18:02:18 14[KNL] 192.168.0.7 appeared on ng0
I will be glad for any help.
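An added example, not part of the original post: a small parser for charon log lines in the format shown above that reports, per IKE_SA, whether the exchange ran over UDP 4500 (NAT-T) and whether a CHILD_SA was closed after carrying bytes in only one direction. The function name `summarize`, the sample addresses and the SPIs are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the charon log format shown in the post; the addresses
# are documentation ranges and the SPIs are made up.
SAMPLE_LOG = """\
Mar 22 17:50:37 15[NET] <L2TP/IPsec-PSK|1> received packet: from 198.51.100.7[4500] to 203.0.113.1[4500] (332 bytes)
Mar 22 17:50:37 15[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 22 17:51:12 14[IKE] <L2TP/IPsec-PSK|1> closing CHILD_SA L2TP/IPsec-PSK{1} with SPIs c0000001_i (774 bytes) c0000002_o (0 bytes) and TS 203.0.113.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Mar 22 18:02:17 10[NET] <2> received packet: from 198.51.100.7[500] to 203.0.113.1[500] (384 bytes)
Mar 22 18:02:17 13[ENC] <L2TP/IPsec-PSK|2> parsed QUICK_MODE request 1 [ HASH SA No ID ID ]
Mar 22 18:02:18 13[KNL] interface ng0 appeared
"""

# The IKE_SA number appears as <N> before a config is selected, <name|N> after.
SA_TAG = re.compile(r"<(?:[^|>]*\|)?(\d+)>")
PORTS = re.compile(r"packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")
CLOSED = re.compile(
    r"closing CHILD_SA \S+ with SPIs \w+_i \((\d+) bytes\) \w+_o \((\d+) bytes\)")


def summarize(log_text):
    """Return {ike_sa_id: summary} for every SA-tagged line in a charon log."""
    sas = defaultdict(lambda: {"ports": set(), "nat_oa": False, "closed": []})
    for line in log_text.splitlines():
        tag = SA_TAG.search(line)
        if not tag:
            continue  # e.g. [KNL] lines carry no IKE_SA tag
        sa = sas[int(tag.group(1))]
        ports = PORTS.search(line)
        if ports:
            sa["ports"].update(int(p) for p in ports.groups())
        if "NAT-OA" in line:
            sa["nat_oa"] = True  # Quick Mode carried NAT original-address payloads
        closed = CLOSED.search(line)
        if closed:
            sa["closed"].append(tuple(int(n) for n in closed.groups()))
    for sa in sas.values():
        sa["nat_t"] = 4500 in sa["ports"]
        # Counters are (inbound, outbound): bytes arrived but none were sent back.
        sa["one_way"] = any(i > 0 and o == 0 for i, o in sa["closed"])
    return dict(sas)


if __name__ == "__main__":
    for sa_id, s in sorted(summarize(SAMPLE_LOG).items()):
        print(sa_id, "NAT-T" if s["nat_t"] else "no NAT-T",
              s["closed"], "one-way" if s["one_way"] else "")
```
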