[Openswan Users] Any known problems with NAT Traversal with
Linux 2.4.26/2.6.7?
Paul Wouters
paul at xelerance.com
Thu Jul 22 02:35:14 CEST 2004
On Wed, 21 Jul 2004, Toby Corkindale wrote:
> recvfrom(11, "\0\0\0\0\177\215\363\241\321\303\225m\356\364GN\307\27"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(4500), sin_addr=inet_addr("192.168.2.11")}, [16]) = 56
> Jul 21 14:28:02 penfold pluto[2850]: "roadwarrior"[14] 193.30.123.243:4500 #25: transition from state (null) to state STATE_QUICK_R1
> Jul 21 14:28:03 penfold pluto[2850]: packet from 192.168.2.11:4500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Something went wrong here. It is not recognising thid quick mode.
> Chain POSTROUTING (policy ACCEPT 2907 packets, 198K bytes)
> pkts bytes target prot opt in out source destination
> 421 21903 MASQUERADE all -- * ppp0 10.0.0.0/8 0.0.0.0/0
Shouldnt this also have a -d ! 192.168.0.0/16 added to it to prevent
natting the ipsec packets to hell?
Paul
More information about the Users
mailing list