> It seems NAT-T does not work properly. See my previous postings.
I don't personally use mobile IPsec, but I know of people who do, and
are using NAT-T with no issues.
> And it seems there is fix ready (if these topics are related) that is not
> released yet
> (see topic "1.3b2 - IP fragments not passed" in group
That was added in 1.3b3.
"added kernel patch for fragment bug in ipfilter (contributed by Frank Edwards)"