[Openswan dev] Probable Broken NAT-T with latest FC2 kernel (2.6.7-1.494.2.2)

Ken Bantoft ken at xelerance.com
Mon Aug 9 02:53:04 CEST 2004

NAT-T also appears broken in latest Fedora Core 2 kernel:


Aug  8 19:37:51 kbantoft pluto[3154]: "kb-to-bp-38" #3: sent QI2, IPsec SA established {ESP=>0x489df436 <0xb7093be3 NATOA=}
Aug  8 19:38:16 kbantoft pluto[3154]: packet from ##.##.109.70:4500: recvfrom ##.##.109.70:4500 has no Non-ESP marker
Aug  8 19:39:01 kbantoft last message repeated 14 times

Not sure what change this is stemming from, but I'm reporting it now so 
others who run into know that we're aware.

I've tried with Herbert's latest fix, and it doesn't make a difference for 
this case.

On Fri, 6 Aug 2004, Robert Hardy wrote:

> NAT traversal seems to have been broken by changes to UDP encapsulation
> changes in somewhere in the range of 2.6.8-rc1 to rc3. My guess is 2.6.8-rc1
> as Fedora kernels are affected and their patches stopped around 2.6.8-rc1-bk
> something. 2.6.7 still works properly.

Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

More information about the Dev mailing list