[Openswan Users] NAT-T on ports != [500,4500] (fwd)

Ronald Moesbergen Ronald.Moesbergen at bkvision.nl
Mon Feb 14 09:30:39 CET 2005


Thanks! I'll let all my 'test subjects' try tonight, and I'll report back
tomorrow. I noticed that current cvs-head crashes with a segfault, so I
checked out 2.3.1dr3, hope that's ok.

Ronald. 

> 
> Hi Ronald,
> 
> Try CVS HEAD now, aka 2.3.1dr2, which fixes a NAT-T rekey bug in pluto.
> 
> Ronald Moesbergen wrote:
> 
> >I gathered some more info on this:
> >
> >I have now confirmed that when using 2.3.0-plain all clients can
> >connect without trouble, but get disconnected after 2 hours and then
> >can't reconnect. If I use 2.3.0-cvs, 2 clients can still connect
> >without problems and even for more than 2 hours, but the third one has
> >the problem described below and can't connect at all (endless 'IPSec SA
> >Established' loop). I also tried using KLIPS with kernel 2.4.29 and
> >2.3.0-cvs, but then the exact same problem occurs, the other 2 clients
> >can still connect without trouble, the one client still cannot. I also
> >noticed that when using 2.3.0-plain I get:
> >
> >IPsec SA established {ESP/NAT=>0x61c59236 <0xb104023a NATOA=10.0.0.157}
> >(Connection works)
> >
> >when using CVS I get:
> >
> >IPsec SA established {ESP=>0x946eee0a <0x8b4c0373 NATD=82.136.251.70}
> >(Connection fails)
> >
> >Hope this helps to narrow it down. Thanks, Ronald.
> >  
> >
> 

