[Openswan Users] NAT Traversal support with openswan (which draft version initiator/responder?)

Xiaoming Yu xiaoming at us.ibm.com
Thu Jun 17 12:26:35 CEST 2004


Has anybody here tried NAT-T with Linux as the responder? Without NAT,
every thing works fine, tunnel established. Once I put a NAT box in front
the client (an IBM iSeries server), it won't work. I got the following
message from security log. Does anybody know if Openswan support NAT-T as
responder? If so, which draft version does it support? What's "no
connection has been authorized" mean? How can I get more detailed message,
such as why it doesn't like the message etc? Or even dig into the source
code? (where is it?)

Really appreciate your help and expertise!

Jun 17 11:15:14 vpn pluto[9229]: | **parse ISAKMP Message:
Jun 17 11:15:14 vpn pluto[9229]: |    initiatorcookie:
Jun 17 11:15:14 vpn pluto[9229]: |   6f 2a a8 c3  9b20 c7 b9
Jun 17 11:15:14 vpn pluto[9229]: |    respondercookie:
Jun 17 11:15:14 vpn pluto[9229]: |   00 00 00 00  0000 00 00
Jun 17 11:15:14 vpn pluto[9229]: |    next payloadtype: ISAKMP_NEXT_SA
Jun 17 11:15:14 vpn pluto[9229]: |    ISAKMP version:ISAKMP Version 1.0
Jun 17 11:15:14 vpn pluto[9229]: |    exchange type:ISAKMP_XCHG_IDPROT
Jun 17 11:15:14 vpn pluto[9229]: |    flags: none
Jun 17 11:15:14 vpn pluto[9229]: |    message ID:  0000 00 00
Jun 17 11:15:14 vpn pluto[9229]: |    length: 196
Jun 17 11:15:14 vpn pluto[9229]: | ***parse ISAKMP Security Association
Payload:Jun 17 11:15:14 vpn pluto[9229]: |   next payload type:
ISAKMP_NEXT_VID
Jun 17 11:15:14 vpn pluto[9229]: |    length: 148
Jun 17 11:15:14 vpn pluto[9229]: |    DOI:ISAKMP_DOI_IPSEC
Jun 17 11:15:14 vpn pluto[9229]: | ***parse ISAKMPVendor ID Payload:
Jun 17 11:15:14 vpn pluto[9229]: |    next payloadtype: ISAKMP_NEXT_NONE
Jun 17 11:15:14 vpn pluto[9229]: |    length: 20
Jun 17 11:15:14 vpn pluto[9229]: packet from9.5.56.169:6062: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jun 17 11:15:14 vpn pluto[9229]: packet from
9.5.56.169:6062: initial Main Mode message received on
9.10.109.122:500 but no connection has been authorized
Jun 17 11:15:14 vpn pluto[9229]: | next event EVENT_REINIT_SECRET in 2974
seconds

Thanks again.

Xiaoming Yu
Dept. MR6,  VPN Development
IBM Rochester, MN
Phone: (507)253-5829
Email: xiaoming at us.ibm.com






More information about the Users mailing list