[Openswan dev]

Jorge Castellet jcastellet at gregal.info
Mon Apr 11 11:26:36 CEST 2005


Yes, the connection is loaded and OK.

I tried the new version 2.3.1 this weekend.
After examining the source code, I see that the NAT-T code has been modified. But initial connections in the form UDP(x,500) don't work.
I see that the function find_host_pair_connections in connections.c has been modified to support this (his_port==0).

But in inI1_outR1 in ipsec_doi.c, the call to the function find_host_connection does not support this feature (it is always called with md->sender_port, instead of 0 if NAT_TRAVERSAL is enabled).

Why?

Regards,
Jorge Castellet. 

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Saturday, April 09, 2005 22:06
To: Jorge Castellet
CC: dev at openswan.org
Subject: Re: [Openswan dev]

On Fri, 8 Apr 2005, Jorge Castellet wrote:

> When I initiate the connection from one machine to another, the
> connection is refused, and the message on syslog is:
> initial Main Mode message received on 192.168.3.2:4500 but no 
> connection has been authorized.

Are you sure your connection loaded? Do: ipsec auto --add yourconnname and see if there are any errors.

> Is this correct? I read RFC 3947 (official NAT-T standard) and it says
> that the connection may occur on UDP(500,500) or UDP(x,500).
> In my case it is UDP(6001,500) but openswan only compares with
> UDP(500,500)

I doubt this is the problem in your case, but many NAT-T fixes went into 2.3.1, so I would try that one.

Paul
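
A simplified model of the lookup discussed in this thread, added here as an illustration and not taken from the Openswan source: a responder that matches the first Main Mode packet on the exact sender port misses a NATed initiator arriving as UDP(6001,500), while a lookup that passes 0 as a wildcard port finds the connection. The structure, the function names `find_pair` and `responder_lookup`, the connection name and the addresses are all hypothetical; only port 6001 and the `his_port == 0` convention come from the messages above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified host pair; not an Openswan structure. */
struct host_pair {
    const char *name;
    const char *me;  uint16_t my_port;
    const char *him; uint16_t his_port;
};

/* Constructed policy: one tunnel defined for a peer on UDP port 500. */
static const struct host_pair pairs[] = {
    { "branch-tunnel", "192.0.2.1", 500, "198.51.100.7", 500 },
};

/* his_port == 0 means "any source port" (the wildcard named in the thread). */
const char *find_pair(const char *me, uint16_t my_port,
                      const char *him, uint16_t his_port)
{
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        const struct host_pair *p = &pairs[i];
        if (strcmp(p->me, me) != 0 || p->my_port != my_port)
            continue;
        if (strcmp(p->him, him) != 0)
            continue;
        if (his_port != 0 && p->his_port != his_port)
            continue;               /* exact-port mismatch */
        return p->name;
    }
    return NULL;                    /* "no connection has been authorized" */
}

/* Responder side: choose which port value is handed to the lookup. */
const char *responder_lookup(const char *me, const char *him,
                             uint16_t sender_port, int nat_traversal)
{
    return find_pair(me, 500, him, nat_traversal ? 0 : sender_port);
}

int main(void)
{
    const char *me = "192.0.2.1", *him = "198.51.100.7";
    const char *r = responder_lookup(me, him, 500, 0);
    printf("UDP(500,500)  exact:    %s\n", r ? r : "(none)");
    r = responder_lookup(me, him, 6001, 0);
    printf("UDP(6001,500) exact:    %s\n", r ? r : "(none)");
    r = responder_lookup(me, him, 6001, 1);
    printf("UDP(6001,500) wildcard: %s\n", r ? r : "(none)");
    return 0;
}
```

In this model the wildcard only selects a candidate connection for the first packet; the address still has to match, and the peer is still authenticated in the later Main Mode messages.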





