NAT Traversal connection refused. Possible bug in connection.c !!
(not a secret or xxid= mis config)
jcastellet at gregal.info
Fri Apr 8 16:17:53 CEST 2005
I have two Linux Debian sid machines, with kernel 2.6.8 and openswan 2.3.0-2.
Both are behind ADSL routers, so they are NATed. The schema is:
Localnet A ... Linux --- ADSL Router ========= ADSL Router ---- Linux ... Localnet B
When I initiate the connection from one machine to the other, the
connection is refused, and the message in syslog is:
initial Main Mode message received on 192.168.3.2:4500 but no connection
has been authorized.
I first thought it was a secret or xxxid= problem in ipsec.conf, but
they were OK.
In the log I see that the problem is: the connection attempt is made over
UDP(60001,500) (which is correct due to the NAT of the ADSL router), but openswan does not
find the connection because find_host_pair in file connection.c is
comparing with UDP(500,500).
Is this correct? I read RFC 3947 (the official NAT-T standard) and it says that
the connection may occur on UDP(500,500) or UDP(x,500).
In my case it is UDP(6001,500), but openswan only compares with UDP(500,500).
Please, can anybody help me?
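
The port comparison described in the message above, as an added illustration that is not part of the original post and is not Openswan's code: a strict four-value host-pair lookup beside one that ignores the peer's source port. The struct, the function names and the peer address 203.0.113.7 are hypothetical; only 192.168.3.2 and the port numbers come from the post.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IKE_PORT 500

/* Hypothetical, simplified record; not Openswan's own host pair structure. */
struct pair { const char *name, *local_ip, *peer_ip; uint16_t local_port, peer_port; };

/* Constructed table: one configured connection, both ends on UDP 500.
 * 203.0.113.7 is a placeholder for the peer router's public address. */
static const struct pair pairs[] = {
    { "a-to-b", "192.168.3.2", "203.0.113.7", IKE_PORT, IKE_PORT },
};

/* Return the name of the first configured pair matching the packet, or NULL.
 * With match_peer_port == false the peer's source port is not compared. */
static const char *lookup(const char *lip, uint16_t lport,
                          const char *pip, uint16_t pport, bool match_peer_port)
{
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        const struct pair *p = &pairs[i];
        if (strcmp(p->local_ip, lip) != 0 || p->local_port != lport) continue;
        if (strcmp(p->peer_ip, pip) != 0) continue;
        if (match_peer_port && p->peer_port != pport) continue;
        return p->name;
    }
    return NULL;
}

/* Strict: only UDP(500,500) can match the configured pair. */
const char *find_pair_strict(const char *lip, uint16_t lport, const char *pip, uint16_t pport)
{ return lookup(lip, lport, pip, pport, true); }

/* NAT-tolerant: UDP(x,500) matches, because a NAT may rewrite the source port.
 * This only selects a candidate connection; the peer is still authenticated by IKE. */
const char *find_pair_nat(const char *lip, uint16_t lport, const char *pip, uint16_t pport)
{ return lookup(lip, lport, pip, pport, false); }

int main(void)
{
    const char *s = find_pair_strict("192.168.3.2", 500, "203.0.113.7", 60001);
    const char *n = find_pair_nat("192.168.3.2", 500, "203.0.113.7", 60001);
    printf("strict lookup, UDP(60001,500): %s\n", s ? s : "no connection found");
    printf("NAT lookup,    UDP(60001,500): %s\n", n ? n : "no connection found");
    return 0;
}
```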