> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Wednesday, March 15, 2006 1:15 AM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] FW: m0n0wall blocks incoming UDP 500
>
> On 3/14/06, Polus, Tomasz <tomek at polvision dot com dot pl> wrote:
> >
> > Come on guys, I don't believe m0n0wall working as a NAT gateway cannot
> > pass returning UDP 500 packets....
>
> Of course it can. That's not the problem. The problem is
> most likely that you don't have NAT-T enabled on the Linksys
> you're connecting to.

Nope. As I stated before, Linux NAT works great in this configuration.
After switching from Linux to m0n0wall - connection cannot be established.

Me --- Linux NAT --- INTERNET --- Linksys VPN router = YES
Me --- m0n0wall NAT --- INTERNET --- Linksys VPN router = NO

> The process of NAT breaks IPsec unless the terminating
> device supports and has NAT-T enabled. Previously, you may
> have had ESP forwarded to your machine, but ipfilter doesn't
> support anything but TCP and UDP on non-1:1 forwards.

In other words.... Linux can do it, but FreeBSD cannot?
Very interesting....

--
Tomasz Polus, Polvision