[Openswan dev] Patch for NAT-T bug of WatchGuard's Firebox SOHO
Paul Wouters
paul at xelerance.com
Mon Apr 25 19:00:43 CEST 2005
On Sun, 24 Apr 2005, Sergio de Souza Prallon wrote:
> This is a small interoperability patch for OpenSwan-1.0.9 to make it
> accept connections from Fireboxes with broken firmware versions. The
> problem shows up when the Firebox is behind a NAT device and tries to
> connect to an OpenSwan server. At the ESP SA negotiation, it uses an
> invalid code for the `Encapsulation Mode' Transform attribute making
> OpenSwan refuse the connection. The code sent is `61433' decimal. I
> believe it should be `61443' as it means `ESP over UDP encapsulation
> as per IETF Draft', which makes sense at the above scenario.
Thanks!
Patch has been added to the patch queue. You can follow this item at:
http://bugs.xelerance.com/view.php?id=273
Paul
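
The interoperability quirk described in the quoted report, as an added example (not the submitted patch and not Openswan code): a check on the 4-byte short-form `Encapsulation Mode' attribute that remaps 61433 to 61443 only when NAT was already detected for the peer. The function name, the `nat_detected` flag and the rule that gates the quirk on NAT detection are assumptions of this sketch; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_AF_TV                0x8000u /* high bit set: short Type/Value form */
#define ATTR_ENCAP_MODE           4u      /* IPsec DOI attribute type */
#define ENCAP_TUNNEL              1u
#define ENCAP_TRANSPORT           2u
#define ENCAP_UDP_TUNNEL_DRAFT    61443u  /* private-use value from the NAT-T drafts */
#define ENCAP_UDP_TRANSPORT_DRAFT 61444u
#define ENCAP_FIREBOX_BROKEN      61433u  /* value the post reports from the Firebox */

/* Hypothetical helper: returns the normalized mode, or -1 to refuse the
 * proposal. *quirk is set to 1 when the broken value was remapped, so the
 * caller can log which peers depend on the workaround. */
int parse_encap_mode(const uint8_t *attr, size_t len, int nat_detected, int *quirk)
{
    *quirk = 0;
    if (len < 4)
        return -1;                        /* truncated attribute */
    unsigned type = ((unsigned)attr[0] << 8) | attr[1];
    unsigned val  = ((unsigned)attr[2] << 8) | attr[3];
    if (type != (ATTR_AF_TV | ATTR_ENCAP_MODE))
        return -1;                        /* not a short-form Encapsulation Mode */
    switch (val) {
    case ENCAP_TUNNEL:
    case ENCAP_TRANSPORT:
        return (int)val;
    case ENCAP_UDP_TUNNEL_DRAFT:
    case ENCAP_UDP_TRANSPORT_DRAFT:
        return nat_detected ? (int)val : -1;
    case ENCAP_FIREBOX_BROKEN:
        if (!nat_detected)                /* assumption: quirk is valid only behind NAT */
            return -1;
        *quirk = 1;
        return (int)ENCAP_UDP_TUNNEL_DRAFT;
    default:
        return -1;                        /* every other unknown value is still refused */
    }
}

int main(void)
{
    const uint8_t sample[4] = {0x80, 0x04, 0xEF, 0xF9}; /* constructed: type 4, value 61433 */
    int quirk;
    int mode = parse_encap_mode(sample, sizeof sample, 1, &quirk);
    printf("mode=%d quirk=%d\n", mode, quirk);
    return 0;
}
```

Only the one reported value is remapped, so other malformed proposals are still rejected.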