[Openswan Users] Any known problems with NAT Traversal with
Linux 2.4.26/2.6.7?
Herbert Xu
herbert at gondor.apana.org.au
Wed Jul 21 23:23:51 CEST 2004
On Wed, Jul 21, 2004 at 12:51:03PM +0100, Toby Corkindale wrote:
>
> 12:50:23.808600 IP 193.30.123.243.4500 > 123.158.235.14.4500: UDP, length: 116
> 12:50:34.289547 IP 123.158.235.14.4500 > 193.30.123.243.4500: UDP, length: 384
> 12:50:42.892514 IP 193.30.123.243.4500 > 123.158.235.14.4500: UDP, length: 60
> 12:50:53.879619 IP 123.158.235.14.4500 > 193.30.123.243.4500: UDP, length: 384
> 12:51:02.890331 IP 193.30.123.243.4500 > 123.158.235.14.4500: UDP, length: 60
OK so the packet is correct when it arrived.
Please strace pluto by attaching to it with strace -fp and then
attempt the above connection again. You should look out for
the last recvfrom before the
Quick Mode message is for a non-existent (expired?) ISAKMP SA
message.
This should tell us whether pluto is getting the private IP or not.
If it is seeing a private IP then please show us the output of
cat /proc/net/ip_conntrack on the server immeidately after the
above failure. Please also include the output of
iptables -t nat -vnL.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Users
mailing list