[Openswan Users] NAT-T on ports != [500,4500] (fwd)

Ken Bantoft ken at xelerance.com
Sat Feb 12 17:54:35 CET 2005


Hi Ronald,

Try CVS HEAD now, aka 2.3.1dr2, which fixes a NAT-T rekey bug in pluto.

Ronald Moesbergen wrote:

>I gathered some more info on this:
>
>I have now confirmed that when using 2.3.0-plain all clients can connect
>without trouble, but get disconnected after 2 hours and then can't
>reconnect. If I use 2.3.0-cvs, 2 clients can still connect without
>problems and even for more than 2 hours, but the third one has the
>problem described below and can't connect at all (endless 'IPSec SA
>Established' loop). I also tried using KLIPS with kernel 2.4.29 and
>2.3.0-cvs, but then the exact same problem occurs, the other 2 clients
>can still connect without trouble, the one client still cannot. I also
>noticed that when using 2.3.0-plain I get:
>
>IPsec SA established {ESP/NAT=>0x61c59236 <0xb104023a NATOA=10.0.0.157}
>(Connection works)
>
>when using CVS I get:
>
>IPsec SA established {ESP=>0x946eee0a <0x8b4c0373 NATD=82.136.251.70}
>(Connection fails)
>
>Hope this helps to narrow it down. Thanks,
>Ronald.
>  
>

