[Openswan dev] NAT-T in the face of changing IPs
paul at xelerance.com
Wed Jul 25 11:14:40 EDT 2007
On Tue, 24 Jul 2007, Michael Richardson wrote:
> Note that packets to port 500 are coming from 22.214.171.124.500, while
> packets to port 4500 are coming from 126.96.36.199.5029.
> I.e. a different UDP port. Apparently, this is a problem for openswan.
> Was this a case that I just didn't code for, or is this a gap in the
This has come up in the past. I believe the right thing to do is to junk
the UDP header completely. Why are we doing any authentication on it? It's
just a carrier pigeon.
Decapsulate the packet into an ESP packet, and then do normal processing
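Added example, not part of the original message and not Openswan's code: a minimal sketch of the decapsulation step described above, classifying a UDP payload from the NAT-T port by the RFC 3948 rules and handing ESP on by SPI alone. The type and function names (`natt_result`, `natt_decap`) and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a UDP payload on the NAT-T port can carry, per RFC 3948. */
enum natt_kind { NATT_INVALID, NATT_KEEPALIVE, NATT_IKE, NATT_ESP };

struct natt_result {        /* hypothetical type, not Openswan's */
    enum natt_kind kind;
    const uint8_t *inner;   /* start of the IKE message or ESP packet */
    size_t inner_len;
    uint32_t spi;           /* ESP only: the key for the SA lookup */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Takes the UDP payload only. The UDP header and its source port are
 * already gone and play no part in the classification. */
struct natt_result natt_decap(const uint8_t *payload, size_t len)
{
    struct natt_result r = { NATT_INVALID, NULL, 0, 0 };

    if (len == 1 && payload[0] == 0xFF) {   /* NAT-keepalive octet */
        r.kind = NATT_KEEPALIVE;
        return r;
    }
    if (len < 8)            /* shorter than marker/SPI plus one word */
        return r;
    r.spi = be32(payload);
    r.kind = r.spi == 0 ? NATT_IKE : NATT_ESP;  /* zero word = non-ESP marker */
    r.inner = r.kind == NATT_IKE ? payload + 4 : payload;
    r.inner_len = r.kind == NATT_IKE ? len - 4 : len;
    return r;
}

int main(void)
{
    /* Constructed sample: SPI 0x1234abcd, sequence 1, 4 filler bytes. */
    const uint8_t esp[] = { 0x12, 0x34, 0xab, 0xcd, 0, 0, 0, 1, 9, 9, 9, 9 };
    struct natt_result r = natt_decap(esp, sizeof esp);

    printf("kind=%d spi=0x%08x len=%zu\n", r.kind, (unsigned)r.spi, r.inner_len);
    return r.kind == NATT_ESP ? 0 : 1;
}
```

An `NATT_ESP` result then goes through the usual SPI lookup and integrity check, which is where the packet is actually authenticated.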