[Openswan Users] NAT-T on ports != [500,4500] (fwd)
Ronald Moesbergen
Ronald.Moesbergen at bkvision.nl
Mon Feb 14 09:30:39 CET 2005
Thanks! I'll let all my 'testsubjects' try tonight, I'll report back
tomorrow. I noticed that current cvs-head crashes with a segfault, so I
checked out 2.3.1dr3, hope that's ok.
Ronald.
>
> Hi Ronald,
>
> Try CVS HEAD now, aka 2.3.1dr2, which fixes a NAT-T rekey
> bug in pluto.
>
> Ronald Moesbergen wrote:
>
> >I gathered some more info on this:
> >
> >I have now confirmed that when using 2.3.0-plain all clients can
> >connect without trouble, but get disconnected after 2 hours and then
> >can't reconnect. If I use 2.3.0-cvs, 2 clients can still connect
> >without problems and even for more than 2 hours, but the
> third one has
> >the problem described below and can't connect at all
> (endless 'IPSec SA
> >Established' loop). I also tried using KLIPS with kernel 2.4.29 en
> >2.3.0-cvs, but then the exact same problem occurs, the other
> 2 clients
> >can still connect without trouble, the one client still
> cannot. I also
> >noticed that when using 2.3.0-plain I get:
> >
> >IPsec SA established {ESP/NAT=>0x61c59236 <0xb104023a
> NATOA=10.0.0.157}
> >(Connection works)
> >
> >when using CVS I get:
> >
> >IPsec SA established {ESP=>0x946eee0a <0x8b4c0373
> NATD=82.136.251.70}
> >(Connection fails)
> >
> >Hope this helps to narrow it down. Thanks, Ronald.
> >
> >
>
More information about the Users
mailing list