<div>Hello,</div>
<div> </div>
<div>I found that uniqueids in ipsec.conf doesn't work when more than one roadwarrior is behind NAT. The remote client is lsipsectool; the OS is Windows XP Professional.</div>
<div> </div>
<div>The code about this problem is in ISAKMP_SA_established():</div>
<div><br> if (d->kind >= CK_PERMANENT<br> && same_id(&c->spd.that.id, &d->spd.that.id)<br> && !sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr))<br> {<br> release_connection(d, FALSE);<br> }</div>
<div> </div>
<div>Because the IP address after NAT is not changed, openswan thinks it comes from the same client, and this makes uniqueids invalid.</div>
<div> </div>
<div>I found there is a patch on <a href="http://bugs.xelerance.com">bugs.xelerance.com</a> from Herbert Xu:</div>
<div> </div>
<div>@@ -3340,8 +3340,10 @@<br> struct connection *next = d->ac_next; /* might move underneath us */<br> <br> if (d->kind >= CK_PERMANENT<br>+ && same_id(&c-><a href="http://spd.this.id">
spd.this.id</a>, &d-><a href="http://spd.this.id">spd.this.id</a>)<br> && same_id(&c-><a href="http://spd.that.id">spd.that.id</a>, &d-><a href="http://spd.that.id">spd.that.id</a>)<br>- && !sameaddr(&c->
spd.that.host_addr, &d->spd.that.host_addr))<br>+ && (!sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr)<br>+ || (c->spd.that.host_port != d->spd.that.host_port)))<br> {
<br> release_connection(d, FALSE);<br> }</div>
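Review bot: the added port test, (c->spd.that.host_port != d->spd.that.host_port), carries no comment saying when two peers with the same host_addr are expected to have different host_port values, and when the ports are equal the condition falls back to the address test alone. Suggest documenting that assumption next to the test, and explaining in the patch description why the new same_id() check on spd.this.id is needed, since it narrows which connections get released.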
<div> </div>
<div>I tested it, but it doesn't work either, because both of the host_port values are 500.</div>
<div> </div>
<div>I don't have any good way to handle this. Can you give me some suggestions?</div>
<div> </div>
<div>Thanks and regards.</div>
<div> </div>
<div>Liuhy</div>
<div> </div>