[Openswan dev]
Jorge Castellet
jcastellet at gregal.info
Mon Apr 11 11:26:36 CEST 2005
Yes, the connection is loaded and OK.
I tried the new version 2.3.1 this weekend.
After examining the source code, I see that the NAT-T code has been modified. But initial connections in the form UDP(x,500) don't work.
I see that the function find_host_pair_connections in connections.c has been modified to support this (his_port==0).
But in inI1_outR1 in ipsec_doi.c, the call to the function find_host_connection does not support this feature (it is always called with md->sender_port, instead of 0 if NAT_TRAVERSAL is enabled).
Why?
Regards,
Jorge Castellet.
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Saturday, April 09, 2005 22:06
To: Jorge Castellet
CC: dev at openswan.org
Subject: Re: [Openswan dev]
On Fri, 8 Apr 2005, Jorge Castellet wrote:
> When I initiate the connection from one machine to another, the
> connection is refused, and the message on syslog is:
> initial Main Mode message received on 192.168.3.2:4500 but no
> connection has been authorized.
Are you sure your connection loaded? Do: ipsec auto --add yourconnname and see if there are any errors.
> Is this correct? I read RFC 3947 (official NAT-T standard) and it says
> that the connection may occur on UDP(500,500) or UDP(x,500).
> In my case it is UDP(6001,500) but openswan only compares with
> UDP(500,500)
I doubt this is the problem in your case, but many NAT-T fixes went into 2.3.1, so I would try that one.
Paul
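
A simplified model of the responder-side lookup discussed in this thread, added here as an example; it is not Openswan source code. The table layout, the names `lookup_conn` and `query_port`, the local address 192.168.3.1, the connection name and the meaning of a zero port in the query are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Openswan source: one configured peer entry. */
struct host_pair {
    const char *me;   uint16_t my_port;   /* local address and IKE port */
    const char *him;  uint16_t his_port;  /* peer address and configured port */
    const char *conn;                     /* connection name */
};

/* Constructed sample table: one connection expecting the peer on port 500. */
static const struct host_pair pairs[] = {
    { "192.168.3.1", 500, "192.168.3.2", 500, "sample-conn" },
};

/* Assumed semantics: his_port == 0 in the query means "match any peer port". */
const char *lookup_conn(const char *me, uint16_t my_port,
                        const char *him, uint16_t his_port)
{
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        const struct host_pair *p = &pairs[i];
        if (strcmp(p->me, me) != 0 || strcmp(p->him, him) != 0)
            continue;               /* addresses must always match */
        if (p->my_port != my_port)
            continue;               /* local port must always match */
        if (his_port != 0 && p->his_port != his_port)
            continue;               /* peer port compared only when given */
        return p->conn;
    }
    return NULL;                    /* "no connection has been authorized" */
}

/* Port the responder passes to the lookup for an initial Main Mode message. */
uint16_t query_port(uint16_t sender_port, int nat_traversal_enabled)
{
    return nat_traversal_enabled ? 0 : sender_port;
}

int main(void)
{
    /* The initiator's source port was rewritten by NAT to 6001: UDP(6001,500). */
    const char *strict = lookup_conn("192.168.3.1", 500, "192.168.3.2", 6001);
    const char *relaxed = lookup_conn("192.168.3.1", 500, "192.168.3.2",
                                      query_port(6001, 1));
    printf("exact sender port: %s\n", strict ? strict : "no match");
    printf("port ignored:      %s\n", relaxed ? relaxed : "no match");
    return 0;
}
```

In this model, ignoring the peer port only widens which configured connection is selected for the first message; the peer address still has to match.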