[Openswan Users] Any known problems with NAT Traversal with Linux 2.4.26/2.6.7?

Toby Corkindale openswan at wintrmute.net
Thu Jul 22 01:40:13 CEST 2004


On Thu, Jul 22, 2004 at 08:08:37AM +1000, Herbert Xu wrote:
> On Wed, Jul 21, 2004 at 02:31:24PM +0100, Toby Corkindale wrote:
> > 
> > How immediate is "immediately"?
> > A couple of minutes later, I still see this present:
> > udp      17 161 src=193.30.123.243 dst=123.158.235.14 sport=4500 dport=4500 src=123.158.235.14 dst=193.30.123.243 sport=4500 dport=4500 [ASSURED] use=1
> > 
> > (That was after grepping for the remote IP (193.30.123.243)- I have removed
> > the rest, which I believe are unrelated lines, as the server is quite busy and
> > ip_conntrack is quite long)
> 
> What if you grep for 192.168?

I believe there was nothing; I'll double-check tomorrow morning though.

> > If it's useful to know:
> > This server is running kernel 2.4.26 w/OpenSwan KLIPS 2.1.4, and includes
> > the NAT-T kernel patch.
> 
> Since you don't have any NAT rules, this looks like a kernel bug.
> Would it be possible to try running 2.6 or 2.4.26+26sec on the server?

Unfortunately the server has some custom 2.4-only drivers for the PCI ADSL
card, so I can't run 2.6. (Although the drivers are available at
http://wintrmute.net/software/ if anyone wants to find the time to port them! :)

I'd be willing to give the 26sec stuff a go for the sake of testing the bug,
but won't have a chance immediately as the server is in use most of the time.

I'll see if I can find any workarounds in the following days.

Cheers,
Toby

-- 
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key 897E5FF3)
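
Added example (not part of the original message or of Openswan): a small Python parser for `/proc/net/ip_conntrack` lines that lists UDP entries on the NAT-T port 4500 and flags any whose reply tuple is not the mirror of the original tuple, or that involve a private address such as 192.168.x.x. The second sample line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Sample lines in /proc/net/ip_conntrack format. The first is the entry quoted
# in the message above; the second is constructed to show a source-NATed flow.
SAMPLE = [
    "udp      17 161 src=193.30.123.243 dst=123.158.235.14 sport=4500 dport=4500 "
    "src=123.158.235.14 dst=193.30.123.243 sport=4500 dport=4500 [ASSURED] use=1",
    "udp      17 28 src=192.168.1.10 dst=193.30.123.243 sport=4500 dport=4500 "
    "[UNREPLIED] src=193.30.123.243 dst=123.158.235.14 sport=4500 dport=4500 use=1",
]

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (original, reply) as (src, dst, sport, dport) tuples, or None."""
    found = TUPLE_RE.findall(line)
    if len(found) != 2:  # ICMP and malformed lines carry no two port tuples
        return None
    orig, reply = [(s, d, int(sp), int(dp)) for s, d, sp, dp in found]
    return orig, reply


def natt_entries(lines, port=4500):
    """List UDP conntrack entries touching `port`, with NAT indicators."""
    results = []
    for line in lines:
        parsed = parse_entry(line) if line.startswith("udp") else None
        if parsed is None:
            continue
        orig, reply = parsed
        if port not in orig[2:] + reply[2:]:
            continue
        # Without NAT, the reply tuple is the original with both ends swapped.
        natted = reply != (orig[1], orig[0], orig[3], orig[2])
        private = any(ipaddress.ip_address(a).is_private
                      for a in orig[:2] + reply[:2])
        results.append({"orig": orig, "reply": reply,
                        "natted": natted, "private": private})
    return results


if __name__ == "__main__":
    for e in natt_entries(SAMPLE):
        print(e["orig"], "->", e["reply"],
              "NAT" if e["natted"] else "no NAT",
              "private-addr" if e["private"] else "")
```

On a live 2.4 system the same function can be fed `open("/proc/net/ip_conntrack")` instead of `SAMPLE`.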