[Openswan dev] "NAT-Traversal: Result using 3"

Jacco de Leeuw jacco2 at dds.nl
Fri Nov 10 07:36:02 EST 2006

> With an RFC 3947 compliant initiator I get the following when connecting
> to Openswan:
> ~  NAT-Traversal: Result using 3: peer is NATed

That patch was incomplete. The reported NAT-T method was incorrect
when Openswan was the responder. It's mostly a cosmetic problem
because the correct method was still used.

I guess it's a good idea to maintain the order of NAT-T methods
consistently, including in nat_traversal_show_result() in
nat_traversal.c. See the patch below. The reported method
in ipsec_doi.c was one off, so I inserted a shift right.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vid.patch
Type: text/x-patch
Size: 1632 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20061110/a385df39/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/dev/attachments/20061110/a385df39/attachment-0001.bin 

More information about the Dev mailing list