[Openswan dev] NAT-keepalive packet and UDP checksum

Paul Wouters paul at xelerance.com
Fri Oct 22 11:57:06 EDT 2010

On Fri, 22 Oct 2010, Mark Ryden wrote:

>  I had made some tests with OpenSwan when the clients were behind a
> nat, using nat-traversal and UDP encapsulation.
> There are NAT-keepalive packets sent from OpenSwan clients on UDP port 4500.
> I saw in the sniffer that the UDP checksum is not zero.
> This is in contradiction to the RFC 3948,
> "the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
>   receivers MUST NOT depend upon the UDP checksum being a zero value"

Thanks, I've filed this as a bug: https://bugs.openswan.org/issues/1158

I took a brief look at programs/pluto/nat_traversal.c, but it needs a little more
attention to get fixed.


More information about the Dev mailing list