[Openswan Users] Debian openswan Nat-t problem (ESP packets)
Paul Wouters
paul at xelerance.com
Sat Sep 4 02:09:30 CEST 2004
On Fri, 3 Sep 2004, Marco Perrando wrote:
> This is my hypotesis:
> - openswan software recognize it as un UDP encapsulated packet with ESP
> payload
> - it wants to de-encapsulate it.
> - it changes the UDP protocol number into ESP protocol number
> - it forgets to strip out the eight bytes that belong to the UDP packet and
> that do not belong to the ESP
>
> Actually after the eigth bytes of UDP header + UDP encapsulation payload, the
> bytes are those of the ESP packet with the correct SPI number.
> I think that everything would correctly work if those 8 bytes were stripped
> out of the packet.
Since the decapsulation happens in the kernel, this would be a kernel mistake.
Are you using the native 2.6 stack, or KLIPS? And which version?
Paul
More information about the Users
mailing list