[Openswan Users] klips openswan2.4.0 +kernel 2.6.13.2 nat-t failed

Delta Yeh delta.yeh at gmail.com
Tue Nov 1 17:00:42 CET 2005


I have fixed aggressive mode + nat_traversal=yes in a non-NAT environment
and will send you the patch later.
But a new bug was found: in a NAT environment, phase 2 negotiation failed.
According to my sniffer,
  I  4500----->NAT -----> R  4500
  I  4500------NAT<---------R 500

The NAT box drops the reply packet to I:4500 because R replies with a src
port of 500 instead of 4500.
So pluto should record on which fd the packet is received and reply
on the same fd.
Maybe someone can fix it.
Cheers.

2005/11/1, Paul Wouters <paul at xelerance.com>:
> On Thu, 27 Oct 2005, mcr wrote:
>
> > >>>>> "Delta" == Delta Yeh <delta.yeh at gmail.com> writes:
> >     Delta> seg of auto.log 26 11:03:05 firewall pluto[21786]: "sh_bj" #1:
> >     Delta> initiating Aggressive Mode #1, connection "sh_bj" Oct 26 11:03:05
> >     Delta> firewall pluto[21786]: "sh_bj" #1: message ignored because it
> >     Delta> contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D)
> >
> >   Why use inferior aggressive mode with PSK for openswan<->openswan?
> >   It's less secure and harder than raw rsa keys.
> >
> >   You can try this and let us know:
> >
> > Index: demux.c
> > ===================================================================
> > RCS file: /xelerance/master/openswan-2/programs/pluto/demux.c,v
> > retrieving revision 1.241
> > diff -u -r1.241 demux.c
> > --- demux.c   9 Oct 2005 20:30:12 -0000       1.241
> > +++ demux.c   27 Oct 2005 05:28:26 -0000
>
> [....]
>
> That does not fully work, see my logs at:
>
> http://bugs.xelerance.com/view.php?id=393
>
> Paul
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
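The behaviour asked for in the message above (answer on the same fd that received the packet, so the reply's source port is the port the initiator sent to), as an added example that is not pluto code and not part of the original post. All function names are hypothetical, and two loopback sockets on kernel-chosen ports stand in for UDP 500 and 4500.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1 to a kernel-chosen port (stand-in for 500/4500). */
static int bind_udp(unsigned short *port) {
    struct sockaddr_in a = {0};
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port = ntohs(a.sin_port);
    return fd;
}

/* Wait on both listeners, then answer on the fd that received the packet.
 * Returns that fd, or -1 on timeout or error. */
static int reply_on_rx_fd(int fd_a, int fd_b) {
    char buf[512];
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    struct timeval tv = {2, 0};
    fd_set rd;
    FD_ZERO(&rd); FD_SET(fd_a, &rd); FD_SET(fd_b, &rd);
    if (select((fd_a > fd_b ? fd_a : fd_b) + 1, &rd, NULL, NULL, &tv) <= 0) return -1;
    int rx = FD_ISSET(fd_a, &rd) ? fd_a : fd_b;
    ssize_t n = recvfrom(rx, buf, sizeof buf, 0, (struct sockaddr *)&peer, &plen);
    if (n < 0 || sendto(rx, buf, (size_t)n, 0, (struct sockaddr *)&peer, plen) < 0) return -1;
    return rx;
}

/* Constructed check: send to the "4500" socket; 1 if the reply comes back from that port. */
static int demo_reply_port_matches(void) {
    unsigned short p500, p4500, pc;
    int s500 = bind_udp(&p500), s4500 = bind_udp(&p4500), c = bind_udp(&pc);
    struct sockaddr_in to = {0}, from;
    socklen_t fl = sizeof from;
    char b[16];
    if (s500 < 0 || s4500 < 0 || c < 0) return -1;
    to.sin_family = AF_INET; to.sin_addr.s_addr = htonl(INADDR_LOOPBACK); to.sin_port = htons(p4500);
    if (sendto(c, "ike", 3, 0, (struct sockaddr *)&to, sizeof to) < 0) return -1;
    int rx = reply_on_rx_fd(s500, s4500);
    if (rx < 0 || recvfrom(c, b, sizeof b, 0, (struct sockaddr *)&from, &fl) < 0) return -1;
    close(s500); close(s4500); close(c);
    return rx == s4500 && ntohs(from.sin_port) == p4500;
}
```

A NAT device matches return traffic against the mapping created by the outbound packet, so a reply sent from the other socket would carry a different source port and fall outside that mapping.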

