[Openswan dev] Re: Openswan NAT-T broken on 2.6.8-rc1 and later (by udp.c changes perhaps)

Herbert Xu herbert at gondor.apana.org.au
Fri Aug 6 17:00:54 CEST 2004


On Fri, Aug 06, 2004 at 01:07:27AM -0400, Robert Hardy wrote:
>
> Aug  5 23:46:00 hosta pluto[5989]: adding interface lo/lo 10.0.0.1:4500
> Aug  5 23:46:00 hosta pluto[5989]: adding interface lo/lo 127.0.0.1
> Aug  5 23:46:00 hosta kernel: RHDEBUG: udp_setsockopt: val=1 optname=100
> Aug  5 23:46:00 hosta pluto[5989]: calling nat_traversal_espinudp_socket ESPINUDP_WITH_NON_ESP=2
> Aug  5 23:46:00 hosta kernel: RHDEBUG: udp_setsockopt: val=2 optname=100
> Aug  5 23:46:00 hosta pluto[5989]: adding interface lo/lo 127.0.0.1:4500
> Aug  5 23:46:00 hosta kernel: RHDEBUG: udp_setsockopt: val=1 optname=100

ESPINUDP has been enabled for the IPv4 socket.

> Aug  5 23:46:00 hosta pluto[5989]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
> Aug  5 23:46:00 hosta kernel: RHDEBUG: udp_setsockopt: val=2 optname=100
> Aug  5 23:46:00 hosta pluto[5989]: NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled (r=-1)

Then it tries to enable it with IPv6.  There is absolutely no support
for ESPINUDP over IPv6 in Linux so it fails.

Previous versions of Linux incorrectly reported success in this case.
In fact, they reported success regardless of the value you pass to it.
This was fixed recently.

So openswan should be fixed to handle failure in the IPv6 case.  I'll
see if I can whip a patch.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
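
One way to handle the IPv6 failure described in the message above, as an added example that is not part of the original post and is not Openswan's code: the encapsulation option is requested per socket, and a rejection on an IPv6 socket only clears that socket's flag instead of disabling NAT-T everywhere. `struct iface`, `enable_natt`, `kernel_encap` and `simulated_encap` are hypothetical names; the option number 100 and the value 2 are the ones shown in the log.

```c
#include <stdbool.h>
#include <stddef.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Numbers as they appear in the log: optname=100, ESPINUDP_WITH_NON_ESP=2. */
#define UDP_ENCAP_OPTNAME     100
#define ESPINUDP_WITH_NON_ESP 2

/* Hypothetical per-socket record, not Openswan's own structure. */
struct iface { int family; int fd; bool natt; };

/* Pluggable setter so kernel behaviour can be simulated offline. */
typedef int (*encap_fn)(const struct iface *, int type);

/* Real setter: the setsockopt() call that the kernel debug lines show. */
int kernel_encap(const struct iface *i, int type)
{
    return setsockopt(i->fd, IPPROTO_UDP, UDP_ENCAP_OPTNAME, &type, sizeof type);
}

/* Constructed stand-in for a fixed kernel: IPv4 accepted, IPv6 rejected. */
int simulated_encap(const struct iface *i, int type)
{
    (void)type;
    return i->family == AF_INET ? 0 : -1;
}

/* Returns whether NAT-T stays enabled. With tolerate_v6 set, a failure on
 * an AF_INET6 socket only clears that socket's flag; an AF_INET failure
 * (or any failure when tolerate_v6 is false) disables NAT-T entirely. */
bool enable_natt(struct iface *ifs, size_t n, int type, bool tolerate_v6, encap_fn set)
{
    bool enabled = true;
    for (size_t k = 0; k < n; k++) {
        ifs[k].natt = (set(&ifs[k], type) == 0);
        if (!ifs[k].natt && !(tolerate_v6 && ifs[k].family == AF_INET6))
            enabled = false;
    }
    if (!enabled)
        for (size_t k = 0; k < n; k++)
            ifs[k].natt = false;
    return enabled;
}
```

Calling `enable_natt` with `tolerate_v6` false reproduces the outcome in the log (one IPv6 rejection turns NAT-T off for every socket); with it true, the IPv4 sockets keep ESPINUDP.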

