[Openswan dev] more than 20 payloads in message; (fwd)

Paul Wouters paul at xelerance.com
Fri Mar 18 12:32:29 CET 2005


---------- Forwarded message ----------
Date: Fri, 18 Mar 2005 12:08:42 +0100 (CET)
From: Matthias Haas <mh at pompase.net>
To: users at openswan.org
Subject: [Openswan Users]

Hi all,
I have a problem establishing VPN connections with NAT-Traversal turned on
on both sides. My scenario is one host ("the server") with a fixed IP
address and a roadwarrior with dynamic IP.
Server: IPSec base interface is a simple eth device. It is connected to
the internet through a routed network, which requires leftnexthop to be
set.
Roadwarrior: IPSec is connected to defaultroute.

Both sides use openswan 2.1.4. The server provides round about 20 VPN
connections all using certificates to authenticate. Some certificates are
self-signed, some are signed by a CA certificate. All worked fine until I
added an additional vpn connection. After that I got the following output
from the roadwarrior:

received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
pluto[19825]: "server_0-TZA_sn-sn_10.116.195.0_24-194.42.182.163_32" #26:
enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
pluto[19825]: "server_0-TZA_sn-sn_10.116.195.0_24-194.42.182.163_32" #26:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
pluto[19825]: "server_0-TZA_sn-sn_10.116.195.0_24-194.42.182.163_32" #26:
more than 20 payloads in message; ignored

a) What bothers me is that it assumes that there is a need for NAT
Traversal, but both hosts are directly connected to the internet.
b) What does the message "more than 20 payloads in message; ignored" mean? Is
there a limit to the number of connections I can configure, because as soon
as I remove one connection I am able to establish all tunnels.
c) As soon as I disable NAT-T on one side all connections (without
removing one) work out of the box.

Kind regards
Matthias


