[Openswan dev] [Openswan Users] Road Warrior behind NAT - Aggressive Mode: wrong NAT-T decision
Paul Wouters
paul at xelerance.com
Wed Aug 27 15:47:24 EDT 2008
On Wed, 27 Aug 2008, hiren joshi wrote:
> While working on the issue I observe that: in programs/pluto/demux.c
> 'complete_state_transition' calls 'nat_traversal_change_port_lookup' only if the state transition requested to
> send a reply packet.
> As in aggressive mode, there will be no reply packet in transition from STATE_AGGR_R1 to STATE_AGGR_R2, port
> floating will not happen for p1st (phase-1 SA).
>
> The following patch calls 'nat_traversal_change_port_lookup' unconditional to sending reply packet.
Thanks. The patch has been applied and will be in openswan 2.6.18.
Paul
More information about the Dev
mailing list