# IPSec doesn't work with 11.0-RC3



## marantz (Sep 21, 2016)

Hello, I've recently upgraded to FreeBSD 11.0-RC3. Strongswan tunnels came up as usual but there is no traffic being sent, I can't even see anything with tcpdump. I'm using GENERIC now, which has IPSec by default. How can I debug this further?

My normal firewall is PF, but I've tried with PF disabled as well.

EDIT: I did use IPSEC_NAT_T option with 10.3 kernel...
I noticed this isn't included, could that be the reason? If so that sounds a bit "stupid".


----------



## marantz (Sep 23, 2016)

Not that I can compile my kernel, because ctfmerge hangs...


----------



## obsigna (Sep 23, 2016)

marantz said:


> ...
> 
> EDIT: I did use IPSEC_NAT_T option with 10.3 kernel...
> I noticed this isn't included, could that be the reason?



That depends on the two IPsec endpoints. If one or both of them are behind NAT, then this can be a reason; if NAT is not involved, then IPSEC_NAT_T should not be necessary.


----------



## marantz (Sep 23, 2016)

Yes, I know I need it, just thought nat_t would be default in the 11 kernel now that ipsec is, but it doesn't look that way. I'll try with nat_t once I figure out why I can't compile.


----------

