[Openswan dev] openswan 2.4.8 Klips natt psk on kernel 2.4

Mark-Andre Hopf mhopf at innominate.com
Fri Jul 20 09:08:23 EDT 2007

On Fri 20.07. 13:50, Ioana Tecuceanu wrote:

> I am using openswan 2.4.8 with klips and i am trying to establish an ipsec 
> tunnel from a natted server to a non-natted client. i am using pre shared 
> keys.
> this appears in my log
> Why the hell is someone passing me a non-ipsec protocol = 17 packet? -- 
> dropped.
> does anyone know if this is an openswan bug or smth like that? 

Protocol 17 aka. UDP is used by IPsec NAT-T, a mechanism required to
traverse NAT gateways. When a NAT gateway is detected IPsec IKE protocol
(UDP on port 500) and ESP both switch to UDP on port 4500.

You may want to adjust your firewall.


Dipl.-Inf. Mark-André Hopf
Senior Software Engineer
Innominate Security Technologies AG
protecting industrial networks
tel: +49.30.6392-3284
fax: +49.30.6392-3307
Albert-Einstein-Str. 14
D-12489 Berlin, Germany

Register Court: AG Charlottenburg, HR B 81603
Management Board: Joachim Fietz, Dirk Seewald
Chairman of the Supervisory Board: Edward M. Stadum

More information about the Dev mailing list