[Openswan Users] Debian openswan Nat-t problem (ESP packets)

Paul Wouters paul at xelerance.com
Sat Sep 4 02:09:30 CEST 2004

On Fri, 3 Sep 2004, Marco Perrando wrote:

> This is my hypotesis:
> - openswan software recognize it as un UDP encapsulated packet with ESP 
> payload
> - it wants to de-encapsulate it.
> - it changes the UDP protocol number into ESP protocol number
> - it forgets to strip out the eight bytes that belong to the UDP packet and 
> that do not belong to the ESP
> Actually after the eigth bytes of UDP header + UDP encapsulation payload, the 
> bytes are those of the ESP packet with the correct SPI number.
> I think that everything would correctly work if those 8 bytes were stripped 
> out of the packet.

Since the decapsulation happens in the kernel, this would be a kernel mistake.
Are you using the native 2.6 stack, or KLIPS? And which version?


More information about the Users mailing list