[Openswan Users] NAT-T on ports != [500,4500] (fwd)

Ronald Moesbergen Ronald.Moesbergen at bkvision.nl
Mon Feb 14 22:27:42 CET 2005


Well, I'm sorry to report that dr3 doesn't fix the problem, the exact
same thing happens as described earlier (looping SA established etc.) :(
If you want logfiles or anything, just ask ...

Thanks,
Ronald.

> 
> Thanks! I'll let all my 'testsubjects' try tonight, I'll report back
> tomorrow. I noticed that current cvs-head crashes with a segfault, so I
> checked out 2.3.1dr3, hope that's ok.
> 
> Ronald.
> 
> >
> > Hi Ronald,
> >
> > Try CVS HEAD now, aka 2.3.1dr2, which fixes a NAT-T rekey
> > bug in pluto.
> >
> > Ronald Moesbergen wrote:
> >
> > >I gathered some more info on this:
> > >
> > >I have now confirmed that when using 2.3.0-plain all clients can
> > >connect without trouble, but get disconnected after 2 hours and then
> > >can't reconnect. If I use 2.3.0-cvs, 2 clients can still connect
> > >without problems and even for more than 2 hours, but the third one has
> > >the problem described below and can't connect at all (endless 'IPSec SA
> > >Established' loop). I also tried using KLIPS with kernel 2.4.29 and
> > >2.3.0-cvs, but then the exact same problem occurs, the other 2 clients
> > >can still connect without trouble, the one client still cannot. I also
> > >noticed that when using 2.3.0-plain I get:
> > >
> > >IPsec SA established {ESP/NAT=>0x61c59236 <0xb104023a NATOA=10.0.0.157}
> > >(Connection works)
> > >
> > >when using CVS I get:
> > >
> > >IPsec SA established {ESP=>0x946eee0a <0x8b4c0373 NATD=82.136.251.70}
> > >(Connection fails)
> > >
> > >Hope this helps to narrow it down. Thanks, Ronald.
> > >
> > >
> >