[Openswan Users] more about ignored or processed SA delete messages

Paul Wouters paul at xelerance.com
Wed Dec 8 23:13:25 CET 2004


On Wed, 8 Dec 2004, albert agusti wrote:

> The problem I reported (last e-mail today) that arises when Initiator
> end restarts ipsec and leaves as only solution similar actions on
> Responder side to avoid "no connection authorized". The problem IS
> RELATED TO NAT TRAVERSAL FEATURE. I've just reproduced the scenario in a
> local LAN and ALL WORKS FINE. NO PROBLEM ARISES. I think there's
> something broken there. Could you take a look at it? I can send you any
> logs that could help you to debug and find the solution. Please, let me
> know if you are already on it. I don't want to be annoying with this
> topic but I need IPsec between NATed gateways.

If you wish for developers to more quickly address your problem, you can
do two things.

1) write a clear bug entry in http://bugs.openswan.org, include if possible
the logfiles showing the problem

But better:

2) write a UML testcase (see openswan-2/testing) that demonstrates the bug in
    such a way that our developers can reproduce it.

It is often extremely difficult to reproduce a bug based on reports of people
despite everyone's best intentions.

But it seems that there does exist some bug in rekeying that happens only with
NAT-T. I've seen a few people report problems with this now.

Paul

