[Openswan Users] VPN between two NATed computers, error: cannot IPSec SA; no connection is known

Bernd Galonska B.Galonska at fhr-ab.de
Wed Dec 28 18:54:03 CET 2005


I guess this is the same as Bernd Galonska's patch:
http://bugs.xelerance.com/view.php?id=294

> However, the patch must be against a very different version -

In the new version > 2.3.1 the place changed from ipsec_doi.c to
ikev1_quick.c

try this


--- openswan-2.3.1/programs/pluto/ikev1_quick.c 2005-02-11
15:18:08.000000000 +0
000
+++ openswan-2.3.1/programs/pluto/ikev1_quick.c 2005-03-21
14:51:35.103457848 +0
000
@@ -5958,6 +5958,17 @@
        struct connection *p = find_client_connection(c
            , our_net, his_net, b->my.proto, b->my.port, b->his.proto,
b->his.po
rt);

+#ifdef NAT_TRAVERSAL
+  #ifdef I_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT
+    if( (p1st->hidden_variables.st_nat_traversal & NAT_T_DETECTED)
+       && !(p1st->st_policy & POLICY_TUNNEL)
+       && (p1st->hidden_variables.st_nat_traversal  &
LELEM(NAT_TRAVERSAL_NAT_BHND_ME))
+       && (p == NULL) )
+        {
+          p = c;
+        }
+  #endif
+#endif
        if (p == NULL)
        {
            /* This message occurs in very puzzling circumstances
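Review bot: the `p = c` fallback in the added NAT_TRAVERSAL block takes over the phase 1 connection whenever find_client_connection() returns NULL, so the our_net, his_net, protocol and port values that just failed to match are accepted without any further comparison against c. The block sits in front of the existing `if (p == NULL)` branch, which means the "no connection is known" path is never reached for a NATed transport-mode peer, and nothing is logged when the fallback fires. I would at least log the proposed selectors at that point so the override is visible in the pluto log, and preferably check that they are consistent with what c is configured for before assigning it. Testing `p == NULL` first rather than last would also make it clearer that this is only a fallback. The guard macro I_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT makes this a build-time decision for every connection, so a short comment at the block stating which concern is being accepted would help whoever enables it.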



