[Openswan dev] NAT-Traversal 6.0 / FreeSWAN / Softremote

Sascha Hoffzimmer sh at sh-ct.de
Fri Jan 30 17:49:21 CET 2004


Hello,

Until the beginning of January I had serious problems getting NAT-Traversal
running with SafeNet SoftRemote 10 over a 3COM Broadband Router.
So I debugged pluto and found the problem and how to
deal with it. The problem lies in the function

    stf_status main_inI2_outR2(struct msg_digest *md)

Because DEBUG is defined by default in the Makefile of pluto,
the following call is always executed:

    if (!build_and_ship_nonce(&st->st_nr, &md->rbody
    , (cur_debugging & IMPAIR_BUST_MR2)? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
    , "Nr"))

This line, IMHO, always sends ISAKMP_NEXT_NONE. Correctly, the decision
whether to send ISAKMP_NEXT_CR must follow in that line:

    if (!build_and_ship_nonce(&st->st_nr, &md->rbody,
    (send_cr)? ISAKMP_NEXT_CR : ISAKMP_NEXT_NONE, "Nr"))

As SoftRemote sees the NONE payload, it correctly ignores all
following payloads, which include
the CR and NAT-D requests. So it behaves normally and goes on trying to
build the tunnel with ESP.
So I had to replace the #ifdef DEBUG near line 2981 of ipsec_doi.c with
#if 0, and that's it.
Feel free to send comments or requests to me.

Best regards

Sascha Hoffzimmer

--
Sascha Hoffzimmer Computertechnik (sh-ct)
Am Weyerhof 24
D-50226 Frechen
fon: +49 2234 272484
fax: +49 2234 272485
http://www.sh-ct.de
UStID: DE204578460
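
The payload-chain behaviour described in the message above, as an added example that is not part of the original post and is not pluto code: a receiver follows each payload's next-payload field and stops at NONE, so a nonce marked NONE hides the CR and NAT-D payloads behind it. The helper names (put, build_r2, reached), the payload sizes and contents, and the use of the RFC 3947 value 20 for NAT-D are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Payload types per RFC 2408; NAT-D = 20 is the RFC 3947 value (assumption). */
enum { P_NONE = 0, P_KE = 4, P_CR = 7, P_NONCE = 10, P_NATD = 20 };

/* Append one payload: generic header (next, reserved, length) + filler data. */
static size_t put(uint8_t *buf, size_t off, uint8_t next, size_t dlen) {
    uint8_t hdr[4] = { next, 0, (uint8_t)((4 + dlen) >> 8), (uint8_t)(4 + dlen) };
    memcpy(buf + off, hdr, 4);
    memset(buf + off + 4, 0xAA, dlen);       /* constructed payload body */
    return off + 4 + dlen;
}

/* Constructed R2 body; nonce_next is the nonce's next-payload field. */
static size_t build_r2(uint8_t *buf, uint8_t nonce_next) {
    size_t off = put(buf, 0, P_NONCE, 8);    /* KE */
    off = put(buf, off, nonce_next, 8);      /* Nr */
    off = put(buf, off, P_NATD, 5);          /* CR */
    off = put(buf, off, P_NATD, 16);         /* NAT-D */
    return put(buf, off, P_NONE, 16);        /* NAT-D, ends the chain */
}

/* Receiver: walk from `first` until NONE; count `want` payloads reached. */
static int reached(const uint8_t *buf, size_t len, uint8_t first,
                   uint8_t want, size_t *ignored) {
    size_t off = 0;
    int hits = 0;
    for (uint8_t type = first; type != P_NONE; ) {
        if (len - off < 4) return -1;        /* no room for a header */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off) return -1;
        hits += (type == want);
        type = buf[off];                     /* next-payload field decides */
        off += plen;
    }
    *ignored = len - off;                    /* tail bytes never parsed */
    return hits;
}

int main(void) {
    uint8_t buf[128], nexts[] = { P_NONE, P_CR };
    for (int i = 0; i < 2; i++) {
        size_t ign = 0, n = build_r2(buf, nexts[i]);
        int hits = reached(buf, n, P_KE, P_NATD, &ign);
        printf("Nr next=%d: NAT-D reached %d, ignored %zu\n", nexts[i], hits, ign);
    }
    return 0;
}
```

A non-zero ignored count after a chain that ended cleanly is a useful thing to log when debugging an interoperability failure of this kind.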
