
Author Topic: 1.2.3 RC3 and NAT-Traversal  (Read 6814 times)


Offline nojstevens

1.2.3 RC3 and NAT-Traversal
« on: November 03, 2009, 03:24:36 pm »
Hello,

I've searched for an answer to this but need help.

Can someone confirm if pfSense 1.2.3 RC3 supports NAT-Traversal?

I read somewhere that 1.2.3 would, but I am getting a NAT-Traversal error when I try to make an IPsec tunnel using VPN Tracker to pfSense.

Thanks

Jon

Offline jimp

Re: 1.2.3 RC3 and NAT-Traversal
« Reply #1 on: November 03, 2009, 10:00:02 pm »
NAT-T was planned for 1.2.3 but had to be removed.

It caused a lot of regressions and made IPsec unstable for many, many users. It broke tunnel renegotiation, DPD, and other features.

NAT-T will be tried again for 2.0, but it was taken out before 1.2.3-RC3 was released.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline nojstevens

Re: 1.2.3 RC3 and NAT-Traversal
« Reply #2 on: November 04, 2009, 06:20:29 am »
Ok, thank you for clearing that up. Glad it wasn't me doing something wrong!

I will try PPTP.

Jon

Offline rsingh

Re: 1.2.3 RC3 and NAT-Traversal
« Reply #3 on: December 06, 2009, 03:28:39 pm »
Is it completely removed and physically not there, or is there a hidden setting I can enable in a conf file to get NAT traversal to work?

My IPsec Client-Site is down after upgrading from 1.2.3-RC1 to 1.2.3-RC3.

I'm thinking of downgrading if there's no option to do this.

Offline jimp

Re: 1.2.3 RC3 and NAT-Traversal
« Reply #4 on: December 06, 2009, 03:30:21 pm »
It required kernel support and a special build of ipsec-tools, so it has been completely removed, not just hidden.

Offline rsingh

Re: 1.2.3 RC3 and NAT-Traversal
« Reply #5 on: December 06, 2009, 06:00:09 pm »
Thanks for clearing that up. I've downgraded from 1.2.3-RC3 to 1.2.3-RC1 and remote access VPN is working again. With 1.2.3-RC3 I would see phase 1 then phase 2 but not ESP packets, just lots of phase 2. 1.2.3-RC1 works well enough for me.

Hopefully some work gets done on 2.0 in the future. I tried a snapshot on the weekend; I now understand the meaning of "alpha-alpha".
« Last Edit: December 06, 2009, 06:31:10 pm by rsingh »