[Openswan dev] [Openswan Users] Road Warrior behind NAT - Aggressive Mode: wrong NAT-T decision
hiren joshi
joshihirenn at gmail.com
Mon Sep 1 11:11:33 EDT 2008
Hello,
Two updates:
Reading the log I found
Aug 30 20:29:02 1220108342 pluto[32262]: "nton-1" #15: DPD: Serious:
could not find newest phase 1 state.
st = find_phase1_state(p2st->st_connection,
ISAKMP_SA_ESTABLISHED_STATES); is failing due to the following:
--- include/pluto_constants.h.orig 2008-09-01 20:25:37.000000000 +0530
+++ include/pluto_constants.h 2008-09-01 20:26:04.000000000 +0530
@@ -272,6 +272,7 @@ enum phase1_role {
|LELEM(STATE_AGGR_I1) | LELEM(STATE_AGGR_I2))
#define ISAKMP_SA_ESTABLISHED_STATES (LELEM(STATE_MAIN_R3) | \
LELEM(STATE_MAIN_I4) | \
+ LELEM(STATE_AGGR_R2) | \
LELEM(STATE_AGGR_I2))
#define IS_PHASE1_INIT(s) ((s) == STATE_MAIN_I1 \
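Review bot: Adding LELEM(STATE_AGGR_R2) to ISAKMP_SA_ESTABLISHED_STATES changes every test against this mask, not only the find_phase1_state() call behind the DPD message, so the other users of the macro should be checked for code that relied on the aggressive-mode responder being excluded. The change also has no comment or changelog text saying that STATE_AGGR_R2 is the responder's established state in aggressive mode (the counterpart of STATE_MAIN_R3), which is the whole justification for the line. Any other list or predicate in this header that enumerates the established phase 1 states should be kept in step with the mask.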
NAT-T detection (both are NATed instead of peer is NATed) became
correct with this patch:
--- programs/pluto/nat_traversal.c.orig Wed Nov 7 08:08:21 2007
+++ programs/pluto/nat_traversal.c Sat Jul 19 15:47:12 2008
@@ -267,7 +267,7 @@
_natd_hash(st->st_oakley.hasher, hash_me
, st->st_icookie, st->st_rcookie
, &(md->iface->ip_addr)
- , ntohs(md->iface->port));
+ , st->st_state == STATE_AGGR_R1 ? ntohs(IKE_UDP_PORT) :
ntohs(md->iface->port));
/**
* The others with sender IP & port
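Review bot: The new ternary on the port argument replaces md->iface->port with IKE_UDP_PORT whenever st->st_state == STATE_AGGR_R1, but nothing in the hunk explains why the interface port is the wrong input to the hash in that state, so a comment stating which port the initiator hashes and why the two differ is needed. Hard-coding the constant only matches when the peer hashed the default IKE port, so it is worth asking whether the value should come from the state or the connection instead. The comment that follows introduces the hashes "with sender IP & port"; please confirm that call does not need the same treatment in STATE_AGGR_R1. The added line is also wrapped across two lines in this mail, so the patch will not apply as posted.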
Please share your views on this.
Thanks for your time.
Regards,
-hiren
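Added example (not part of the original message and not Openswan code): a small model of the RFC 3947 NAT-D comparison that the second patch touches, showing how the port fed into the local hash alone decides between "peer is NATed" and "both are NATed". The addresses, cookies, function names, the choice of SHA-1 and the idea that the responder hashed port 4500 while the initiator hashed port 500 are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_UDP_PORT = 500      # standard IKE port
NAT_T_UDP_PORT = 4500   # port used once NAT-T floating has happened


def natd_hash(icookie, rcookie, ip, port, hasher=hashlib.sha1):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = icookie + rcookie + ipaddress.ip_address(ip).packed
    data += struct.pack("!H", port)  # port in network byte order
    return hasher(data).digest()


def detect_nat(icookie, rcookie, local, observed_peer, received):
    """Return (local_natted, peer_natted) from the peer's NAT-D payloads.

    received[0] describes the destination the peer sent to (us);
    received[1:] describe the peer's own address/port candidates.
    """
    hash_me = natd_hash(icookie, rcookie, *local)
    hash_him = natd_hash(icookie, rcookie, *observed_peer)
    return (received[0] != hash_me, hash_him not in received[1:])


def scenario(local_port_for_hash):
    """Constructed case: road warrior behind NAT, gateway on a public IP."""
    icookie, rcookie = bytes(range(8)), bytes(range(8, 16))
    gateway_ip = "203.0.113.5"             # responder, not NATed
    private_peer = ("192.168.1.10", 500)   # what the initiator believes it is
    observed_peer = ("198.51.100.7", 1024) # what the responder sees after NAT
    # NAT-D payloads as the initiator would build them (destination first).
    payloads = [
        natd_hash(icookie, rcookie, gateway_ip, IKE_UDP_PORT),
        natd_hash(icookie, rcookie, *private_peer),
    ]
    return detect_nat(icookie, rcookie, (gateway_ip, local_port_for_hash),
                      observed_peer, payloads)


if __name__ == "__main__":
    print("hash_me with port 500 :", scenario(IKE_UDP_PORT))
    print("hash_me with port 4500:", scenario(NAT_T_UDP_PORT))
```

The first tuple element is "local side NATed" and the second is "peer NATed"; only the port used for the local hash differs between the two runs.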