[Openswan Users] Port 1 - solution

Paul Wouters paul at xelerance.com
Fri Apr 1 11:07:34 CEST 2005


On Thu, 31 Mar 2005, Stephen J. McCracken wrote:

> This is just to get this in the archives as it is solved. (It's a NAT
> problem.)

Thank you for that! I wish more people did this. Too often people only
post problems, and forget about it once it works.

A bunch of ipsec+nat fixes went into 2.6.11.6. Since Herbert Xu was listed
in the quoted Debian bug report, I think this issue might have been fixed.

If you can give it a try (e.g. this is not some old 2.4 based box) that would
be great!

Paul

> I was having trouble with ports being rewritten to port 1.  Example:
>
> BoxA --- GwA ====== GwB --- BoxB
>
> GwA running OpenSWAN (openswan-2.1.5-2 Fedora RPM) and GwB a Multitech
> RoutFinder 550 (MT550VPN).
>
> I would try to ssh from BoxA to BoxB and get this:
>
> 15:22:35.859664 IP BoxA.38537 > BoxB.22: S 51958428:51958428(0) win 5840
> <mss 1460,sackOK,timestamp 257583923 0,nop,wscale 2>
> 15:22:35.863491 IP BoxB.22 > BoxA.38537: S 3558425983:3558425983(0) ack
> 51958429 win 5792 <mss 1336,sackOK,timestamp 12106235
> 257583923,nop,wscale 2>
> 15:22:35.863555 IP BoxA.38537 > BoxB.22: . ack 1 win 1460
> <nop,nop,timestamp 257583927 12106235>
> 15:22:35.890997 IP BoxB.1 > BoxA.38537: P 3558425984:3558426007(23) ack
> 51958429 win 1448 <nop,nop,timestamp 12106262 257583927>
> 15:22:36.093361 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448
> <nop,nop,timestamp 12106465 257583927>
> 15:22:36.499231 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448
> <nop,nop,timestamp 12106871 257583927>
>
> I noticed others were having similar problems:
>
> http://lists.virus.org/users-openswan-0502/msg00239.html
>
> And found the answer through this post:
>
> http://lists.virus.org/users-openswan-0407/msg00002.html
>
> That references this post:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215980
>
> I had to add in the following to solve the port 1 problem:
> iptables -I POSTROUTING 1 -p esp -j ACCEPT -t nat
>

-- 

As time passes hardware approaches the effectiveness of a rock and
the reliability of a crack addict.
                                      --- Naubert's law
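
The symptom in the quoted capture, where the reply's source port changes from 22 to 1 partway through the connection, can be checked for mechanically. The following Python is an added example, not part of the original thread; `find_rewritten_ports`, `PKT` and `SAMPLE` are names chosen here, and the sample input is the capture from the post with its wrapped lines rejoined.

```python
import re

# "<time> IP <src>.<port> > <dst>.<port>: <flags>", as printed in the capture
# above; the optional "Flags [" prefix also accepts newer tcpdump output.
PKT = re.compile(r'^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (?:Flags \[)?([A-Za-z.]+)')

# The capture from the post, with the wrapped lines rejoined.
SAMPLE = [
    "15:22:35.859664 IP BoxA.38537 > BoxB.22: S 51958428:51958428(0) win 5840 <mss 1460,sackOK,timestamp 257583923 0,nop,wscale 2>",
    "15:22:35.863491 IP BoxB.22 > BoxA.38537: S 3558425983:3558425983(0) ack 51958429 win 5792 <mss 1336,sackOK,timestamp 12106235 257583923,nop,wscale 2>",
    "15:22:35.863555 IP BoxA.38537 > BoxB.22: . ack 1 win 1460 <nop,nop,timestamp 257583927 12106235>",
    "15:22:35.890997 IP BoxB.1 > BoxA.38537: P 3558425984:3558426007(23) ack 51958429 win 1448 <nop,nop,timestamp 12106262 257583927>",
    "15:22:36.093361 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448 <nop,nop,timestamp 12106465 257583927>",
    "15:22:36.499231 IP BoxB.1 > BoxA.38537: P 0:23(23) ack 1 win 1448 <nop,nop,timestamp 12106871 257583927>",
]


def find_rewritten_ports(lines):
    """Return (time, host, expected_port, seen_port) for every reply whose
    source port differs from the port the client's SYN was sent to."""
    syn_dport = {}  # (client, client_port, server) -> server port from the SYN
    findings = []
    for line in lines:
        m = PKT.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if flags == "S" and " ack " not in line:  # bare SYN opens a flow
            syn_dport[(src, sport, dst)] = dport
            continue
        # Packet heading back to a client port that opened a flow to this host
        expected = syn_dport.get((dst, dport, src))
        if expected is not None and sport != expected:
            findings.append((ts, src, expected, sport))
    return findings


if __name__ == "__main__":
    for ts, host, want, got in find_rewritten_ports(SAMPLE):
        print(f"{ts} {host}: reply source port {got}, expected {want}")
```

Run against a capture taken on the inside interface of the gateway, an empty result after the NAT exemption is in place indicates the replies keep their original source port.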


