[Openswan Users]
NAT-T in transport mode not working | version 2.1.1
dhiraj.2.bhuyan at bt.com
Thu May 13 12:04:06 CEST 2004
Greetings List,
I am using Openswan version 2.1.1 to get the following working:
[A - 192.168.1.192] <--------> [ NAT/Router ] <------> [ B - with globally routable address]
I have Openswan installed on both machines A and B (both using kernel 2.4.24). The NAT/Router is a Linux kernel 2.4.24 box. I can set up an IPSec "tunnel" mode SA between A and B (with nat_traversal = yes on both ends) and everything works fine. However, what I actually need is to get this setup to work in "transport" mode (I have read the security warnings), but it's failing for some reason (I have enabled the transport mode). After reading through the mail archive, I did the following:
1. nat_traversal=no on machine A and nat_traversal=yes on machine B. In this situation, I can set up an SA, but the only thing I can do is ping machine B from machine A. Nothing else works.
2. nat_traversal=yes on both machine A and B. When I try to set up an SA, this time it reaches the "ISAKMP established" point but fails at the next step, "initiate". The klips debug message on machine B says "ipsec_rcv: IKE packet - not handled here".
Has anyone got a scenario like this working in transport mode? My ipsec.conf has the following -
conn client-server
    left=%any
    right=132.146.196.91
    type=transport
    authby=secret
    auto=add
Any help will be greatly appreciated.
Thanks,
Dhiraj Bhuyan
Network Security Specialist,
BT Exact Business Assurance Solutions
Tel: +44 1473 643932
Mob: +44 7962 012145
Email: dhiraj.2.bhuyan at bt.com