[Openswan Users] Problem with XP SP2 and NAT-T
Olivier JAVAUX
olivier.javaux at ib-group.com
Thu Nov 11 11:40:41 CET 2004
Hello,
I am trying to set up a tunnel with NAT-T between an OpenSwan gateway
and a roadwarrior with Windows XP SP2.
(I had already done an ESP tunnel between FreeSwan and XP SP1.)
I have not succeeded in establishing the tunnel.
After investigation, I think that I have identified the problem.
During the protocol initialization, Windows tries to send a very big packet (1596 bytes):
11-11: 11:26:10:361:36c Sending: SA = 0x000C9048 to 213.56.232.64:Type 2.4500
11-11: 11:26:10:361:36c ISAKMP Header: (V1.0), len = 1596
11-11: 11:26:10:361:36c I-COOKIE bbbfd174b88f6885
11-11: 11:26:10:361:36c R-COOKIE ba02b5aa59dab9e6
11-11: 11:26:10:361:36c exchange: Oakley Main Mode
11-11: 11:26:10:361:36c flags: 1 ( encrypted )
11-11: 11:26:10:361:36c next payload: ID
11-11: 11:26:10:361:36c message ID: 00000000
11-11: 11:26:10:361:36c Ports S:9411 D:9411
11-11: 11:26:10:932:5e0 retransmit: sa = 000C9048 centry 00000000 , count = 1
This packet is then fragmented, with an initial packet according to the MTU and
an IP fragment following.
These two packets never reach my gateway.
Why does Windows have to send 1596 bytes for an SA?????
Is there a way to avoid this IP fragmentation?????
Thx for your help.
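
The fragmentation described in the post can be checked directly from the Windows IKE log. The following is an added example, not part of the original post: it parses the "Sending" and "ISAKMP Header" lines and computes the IPv4 fragments each message needs. It assumes a 1500-byte MTU, an IPv4 header without options, and the 4-byte non-ESP marker that RFC 3948 places before IKE messages on UDP port 4500; the function names are hypothetical.

```python
import re

IP_HDR = 20         # IPv4 header without options (assumption)
UDP_HDR = 8
NON_ESP_MARKER = 4  # RFC 3948: four zero bytes precede IKE on UDP/4500

# Sample input: a subset of the log lines quoted in the post.
SAMPLE_LOG = """\
11-11: 11:26:10:361:36c Sending: SA = 0x000C9048 to 213.56.232.64:Type 2.4500
11-11: 11:26:10:361:36c ISAKMP Header: (V1.0), len = 1596
11-11: 11:26:10:361:36c exchange: Oakley Main Mode
11-11: 11:26:10:932:5e0 retransmit: sa = 000C9048 centry 00000000 , count = 1
"""

SEND_RE = re.compile(r"Sending: SA = \S+ to (\S+?):Type \d+\.(\d+)")
LEN_RE = re.compile(r"ISAKMP Header: .*len = (\d+)")

def fragment_sizes(isakmp_len, dst_port, mtu=1500):
    """Return the IPv4 packet sizes needed to carry one IKE message."""
    marker = NON_ESP_MARKER if dst_port == 4500 else 0
    payload = UDP_HDR + marker + isakmp_len  # bytes after the IP header
    if IP_HDR + payload <= mtu:
        return [IP_HDR + payload]
    per_frag = (mtu - IP_HDR) // 8 * 8       # fragment data is 8-byte aligned
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(IP_HDR + chunk)
        payload -= chunk
    return sizes

def oversized_sends(log_text, mtu=1500):
    """Return (peer, port, isakmp_len, fragment sizes) for sends that fragment."""
    results, pending = [], None
    for line in log_text.splitlines():
        m = SEND_RE.search(line)
        if m:
            pending = (m.group(1), int(m.group(2)))
            continue
        m = LEN_RE.search(line)
        if m and pending:
            sizes = fragment_sizes(int(m.group(1)), pending[1], mtu)
            if len(sizes) > 1:
                results.append((*pending, int(m.group(1)), sizes))
            pending = None
    return results

if __name__ == "__main__":
    for peer, port, length, sizes in oversized_sends(SAMPLE_LOG):
        print(f"{peer}:{port} ISAKMP len={length} -> IP fragments {sizes}")
```

Any message this reports depends on every device on the path forwarding non-initial IP fragments, which is the condition to verify with a capture on the gateway's outside interface.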