[Openswan Users] Double NAT, no Non-ESP marker

Diederick van Dijk diedvdyk at van-dijk.net
Sun Aug 1 09:08:17 CEST 2004


I am trying to build a connection from home to work. Both servers are natted.
The setup is :

(Left) Natted to a.b.c.d
(Right) 10.x--- Natted to e.f.g.h

On the left there is a kernel 2.6 with the latest openswan CVS.
On the right there is a kernel 2.4 with the latest openswan CVS.

The connection is initiated from the left and it seems to start.
Here is a part of the log on the left :

pluto[5995]: "left-right" #1: initiating Main Mode
pluto[5995]: "left-right" #1: received Vendor ID payload 
pluto[5995]: "left-right" #1: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
pluto[5995]: "left-right" #1: transition from state STATE_MAIN_I1 to state 
pluto[5995]: "left-right" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
pluto[5995]: "left-right" #1: I am sending my cert
pluto[5995]: "left-right" #1: I am sending a certificate request
pluto[5995]: "left-right" #1: transition from state STATE_MAIN_I2 to state 
pluto[5995]: "left-right" #1: Peer ID is ID_DER_ASN1_DN: <cert data>
pluto[5995]: "left-right" #1: transition from state STATE_MAIN_I3 to state 
pluto[5995]: "left-right" #1: ISAKMP SA established
pluto[5995]: "left-right" #2: initiating Quick Mode 
pluto[5995]: "left-right" #2: transition from state STATE_QUICK_I1 to state 
pluto[5995]: "left-right" #2: sent QI2, IPsec SA established {ESP=>0x66306453 <0x2f77479c NATOA=}

Unfortunately I'm not able to send any traffic through the tunnel. The error 
message I get in the left log is:

pluto[5995]: packet from e.f.g.h:4500: recvfrom e.f.g.h:4500 has no Non-ESP 

and a little later in the right log:

pluto[25890]: ERROR: recvfrom on eth1.10 failed; Pluto cannot decode source sockaddr in rejection: unexpected Address Family. Errno 11: Resource temporarily unavailable

Any ideas?
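
Added example, not part of the original post and not Openswan code: a sketch of how a UDP payload on port 4500 is told apart under the RFC 3948 framing (four zero bytes before IKE, a non-zero SPI first for ESP, a single 0xFF keepalive), which is the check the left-side "no Non-ESP" message refers to. The function names and sample datagrams are constructed for illustration; that the kernel consumes ESP-in-UDP before the IKE daemon sees it is an assumption.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes every IKE message on port 4500
ISAKMP_HEADER_LEN = 28         # cookies(16) + 4 one-byte fields + msg id(4) + length(4)

def classify_4500(payload: bytes) -> str:
    """Classify one UDP payload received on port 4500 (RFC 3948 framing)."""
    if payload == b"\xff":
        return "nat-keepalive"
    if len(payload) < 8:
        return "malformed"
    if payload[:4] != NON_ESP_MARKER:
        # A non-zero first word is read as an ESP SPI, whatever follows it.
        return "esp"
    ike = payload[4:]
    if len(ike) < ISAKMP_HEADER_LEN:
        return "malformed"
    (declared,) = struct.unpack("!I", ike[24:28])  # ISAKMP total-length field
    return "ike" if declared == len(ike) else "malformed"

def ike_daemon_verdict(payload: bytes) -> str:
    """What a userspace IKE daemon can do with the datagram.

    Assumption: the kernel decapsulates ESP-in-UDP itself, so a payload that
    classifies as ESP should never have reached the daemon's socket.
    """
    kind = classify_4500(payload)
    return {"ike": "process",
            "nat-keepalive": "ignore",
            "esp": "reject: no Non-ESP marker"}.get(kind, "drop")

# Constructed sample datagrams (not captured traffic).
_ISAKMP = (bytes(range(1, 9)) + bytes(8)          # initiator / responder cookie
           + bytes([0, 0x10, 2, 0]) + bytes(4)    # next payload, version, exchange, flags, msg id
           + struct.pack("!I", ISAKMP_HEADER_LEN))
SAMPLES = {
    "ike_with_marker": NON_ESP_MARKER + _ISAKMP,
    "ike_without_marker": _ISAKMP,                 # indistinguishable from ESP
    "esp": struct.pack("!II", 0x2F77479C, 1) + bytes(16),  # SPI value from the log above
    "keepalive": b"\xff",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20s} {classify_4500(data):14s} {ike_daemon_verdict(data)}")
```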
