[Openswan dev] Patch for NAT-T bug of WatchGuard's Firebox SOHO 6

Paul Wouters paul at xelerance.com
Mon Apr 25 19:00:43 CEST 2005


On Sun, 24 Apr 2005, Sergio de Souza Prallon wrote:

> This is a small interoperability patch for OpenSwan-1.0.9 to make it
> accept connections from Fireboxes with broken firmware versions. The
> problem shows up when the Firebox is behind a NAT device and tries to
> connect to an OpenSwan server. At the ESP SA negotiation, it uses an
> invalid code for the `Encapsulation Mode' Transform attribute making
> OpenSwan refuse the connection. The code sent is `61433' decimal. I
> believe it should be `61443' as it means `ESP over UDP encapsulation
> as per IETF Draft', which makes sense at the above scenario.

Thanks!

Patch has been added to the patch queue. You can follow this item at:
http://bugs.xelerance.com/view.php?id=273

Paul
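
Added example, not part of the original thread and not the submitted patch: a sketch in C of validating the Encapsulation Mode attribute while tolerating the reported value 61433 only under narrow conditions. The function names, the result enum, the `allow_quirk` opt-in and the sample bytes are assumptions made for illustration; the attribute type (4) and the TV attribute layout follow the IPsec DOI and ISAKMP specifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_ENCAP_MODE        4      /* IPsec DOI attribute type (RFC 2407) */
#define ENCAP_TUNNEL           1
#define ENCAP_TRANSPORT        2
#define ENCAP_UDP_TUNNEL_DRAFT 61443  /* draft value named in the report */
#define ENCAP_FIREBOX_QUIRK    61433  /* value the broken firmware sends */
enum encap_result { ENCAP_REJECT, ENCAP_PLAIN, ENCAP_UDP, ENCAP_UDP_QUIRK };

/* Constructed sample attributes: AF bit set, type 4, 16-bit value. */
static const uint8_t SAMPLE_TUNNEL[] = { 0x80, 0x04, 0x00, 0x01 };
static const uint8_t SAMPLE_DRAFT[]  = { 0x80, 0x04, 0xF0, 0x03 };
static const uint8_t SAMPLE_QUIRK[]  = { 0x80, 0x04, 0xEF, 0xF9 };

/* Return the mode value, or -1 if buf is not a TV-format Encapsulation Mode. */
static long parse_encap_attr(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4)
        return -1;
    unsigned af_type = ((unsigned)buf[0] << 8) | buf[1];
    if (!(af_type & 0x8000u) || (af_type & 0x7FFFu) != ATTR_ENCAP_MODE)
        return -1;
    return ((long)buf[2] << 8) | buf[3];
}

/* Hypothetical policy: UDP modes only when NAT was detected; the quirk
 * value only when NAT was detected AND the operator opted in. */
static enum encap_result check_encap_mode(const uint8_t *buf, size_t len,
                                          int nat_detected, int allow_quirk)
{
    switch (parse_encap_attr(buf, len)) {
    case ENCAP_TUNNEL: case ENCAP_TRANSPORT:
        return ENCAP_PLAIN;
    case ENCAP_UDP_TUNNEL_DRAFT:
        return nat_detected ? ENCAP_UDP : ENCAP_REJECT;
    case ENCAP_FIREBOX_QUIRK:
        return (nat_detected && allow_quirk) ? ENCAP_UDP_QUIRK : ENCAP_REJECT;
    default:
        return ENCAP_REJECT;
    }
}

int main(void)
{
    printf("quirk, NAT, opt-in: %d\n", check_encap_mode(SAMPLE_QUIRK, 4, 1, 1));
    return 0;
}
```

Returning a distinct `ENCAP_UDP_QUIRK` result lets the caller log each use of the tolerated value, so the workaround stays visible and any other out-of-range value is still rejected.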

