<html dir="ltr"><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style title="owaParaStyle"><!--P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
--></style>
<meta content="MSHTML 6.00.6000.16890" name="GENERATOR">
</head>
<body ocsi="x">
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Hi all,</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">just want to add that I tried</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">rightprotoport=17/%any</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">instead of</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr">
<div dir="ltr"><font face="tahoma" size="2">rightprotoport=17/1701</font></div>
</div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">as suggested above. No change.</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">Kind regards,</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2">Michael Karlinsky</font></div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div dir="ltr"><font face="tahoma" size="2"></font> </div>
<div id="divRpF41194" style="DIRECTION: ltr">
<hr tabindex="-1">
<font face="Tahoma" size="2"><b>From:</b> users-bounces@openswan.org [users-bounces@openswan.org] On Behalf Of Michael.Karlinsky@tieto.com [Michael.Karlinsky@tieto.com]<br>
<b>Sent:</b> Tuesday, January 05, 2010 9:51 AM<br>
<b>To:</b> users@openswan.org<br>
<b>Subject:</b> [Openswan Users] NAT-T and Transport mode not working?<br>
</font><br>
</div>
<div></div>
<div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Hi All,</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">there still seems to be a problem regarding NAT-T and Transport-Mode.</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">My setup:</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">A: 192.168.0.10 <--> NAT-Router: 172.30.64.140 (DHCP) <--> B: 172.30.64.190</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Both systems running a recent SUSE Linux Kernel:</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">A: Linux Openswan U2.6.24rc5/K2.6.27.39-0.2-pae (netkey)<br>
B: Linux Openswan U2.6.24rc5/K2.6.27.39-0.2-default (netkey)</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">I use the following configuration for A and B:</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">A:</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">conn konnektor<br>
left=192.168.0.10<br>
leftrsasigkey=%cert<br>
leftcert=konnektor001.NK.rel234.labKompCA01.valid.cer<br>
leftid=%fromcert<br>
leftprotoport=17/1701</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> right=172.30.64.190<br>
rightrsasigkey=%cert<br>
rightcert=ipsectest.VPNK.rel234.labKompCA01.valid.cer<br>
rightid=%fromcert<br>
rightprotoport=17/1701</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> auto=start</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> authby=rsasig<br>
pfs=yes<br>
rekey=yes</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> dpddelay=60<br>
dpdtimeout=10<br>
dpdaction=hold</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> ike=aes256-sha1-modp1536<br>
ikelifetime=86400s<br>
phase2alg=aes256-sha1<br>
keylife=3600s</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> #type=transport<br>
type=tunnel</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">B:</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">conn vpnk<br>
left=%any<br>
leftrsasigkey=%cert<br>
leftprotoport=17/1701<br>
leftsubnet=vhost:%priv</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> right=172.30.64.190<br>
rightrsasigkey=%cert<br>
rightcert=ipsectest.VPNK.rel234.labKompCA01.valid.cer<br>
rightid=%fromcert<br>
rightprotoport=17/1701</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> auto=add</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> authby=rsasig<br>
pfs=yes<br>
rekey=yes</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> dpddelay=60<br>
dpdtimeout=10<br>
dpdaction=hold</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> ike=aes256-sha1-modp1536<br>
ikelifetime=86400s<br>
phase2alg=aes256-sha1<br>
keylife=3600s</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"> #type=transport</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"><font face="tahoma">
</font>type=tunnel</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Using Tunnel Mode all is fine.</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2"></font> </div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Jan 5 09:27:51 ipsectest pluto[26734]: "vpnk"[2] 172.30.64.140 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x4555e56f <0xdc695732 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=172.30.64.140:65193
DPD=enabled}</font></div>
<div dir="ltr"><font face="tahoma" size="2">[...]</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Jan 5 09:28:07 ipsectest pppd[26778]: PAP peer authentication succeeded for gemuser<br>
</font></div>
<div dir="ltr"><font face="Tahoma" color="#000000" size="2">Using Transport Mode IPSec is still OK, but no PPP connection is possible.</font></div>
<font face="Tahoma" color="#000000" size="2">
<div dir="ltr"><br>
Hope you can help. If you need more info and logfiles please tell me and I will provide them.</div>
<div dir="ltr"> </div>
<div dir="ltr">Kind regards,</div>
<div dir="ltr">Michael Karlinsky<br>
</font></div>
</div>
</body>
</html>