[Openswan dev] NAT-keepalive packet and UDP checksum

Mark Ryden markryde at gmail.com
Fri Oct 22 01:58:53 EDT 2010

  I had made some tests with OpenSwan when the clients were behind a
nat, using nat-traversal and UDP encapsulation.

There are NAT-keepalive packets sent from OpenSwan clients on UDP port 4500.
I saw in the sniffer that the UDP checksum is not zero.

This is in contradiction to the RFC 3948,

"the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
   receivers MUST NOT depend upon the UDP checksum being a zero value"

Mark Ryden

More information about the Dev mailing list