[Openswan dev] NAT Traversal connection refused. Possible bug in connection.c !! (not a secret or xxid= mis config)

Jorge Castellet jcastellet at gregal.info
Fri Apr 8 16:17:53 CEST 2005


Hi,

I have two Debian sid Linux machines, with kernel 2.6.8 and Openswan 2.3.0-2.

Both Linux machines are behind ADSL routers, so they are NATed. The schema is:

Localnet A ... Linux --- ADSL Router ========= ADSL Router ---- Linux ... Localnet B

When I initiate the connection from one machine to the other, the
connection is refused, and the message in syslog is:

initial Main Mode message received on 192.168.3.2:4500 but no connection has been authorized.

I first thought that it was a secret or xxxid= problem in ipsec.conf, but
they were OK.
In the log I see that the problem is: the connection attempt is made over
UDP(60001,500) (this is correct due to the NAT of the ADSL router), but Openswan does not
find the connection because find_host_pair in file connection.c is
comparing with UDP(500,500).

Is this correct? I read RFC 3947 (the official NAT-T standard) and it says that
the connection may occur on UDP(500,500) or UDP(x,500).
In my case it is UDP(6001,500), but Openswan only compares with UDP(500,500).

Please, can anybody help me?

Best regards,
Jorge Castellet
