[Openswan Users] klips openswan2.4.0 +kernel 2.6.13.2 nat-t
failed
Delta Yeh
delta.yeh at gmail.com
Tue Nov 1 17:00:42 CET 2005
I have fixed aggressive mode + nat_traversal=yes in none NAT environment
and will sent you the patch later .
But new bug was found :In NAT environment , phase 2 negotiation failed.
According to my sniffer ,
I 4500----->NAT -----> R 4500
I 4500------NAT<---------R 500
NAT box drop the reply packet to I:4500 because R replys with src
port of 500 instead of 4500.
So pluto should record with which fd the packet is received and reply
with the same fd .
maybe someone can fix it.
Cheers.
2005/11/1, Paul Wouters <paul at xelerance.com>:
> On Thu, 27 Oct 2005, mcr wrote:
>
> > >>>>> "Delta" == Delta Yeh <delta.yeh at gmail.com> writes:
> > Delta> seg of auto.log 26 11:03:05 firewall pluto[21786]: "sh_bj" #1:
> > Delta> initiating Aggressive Mode #1, connection "sh_bj" Oct 26 11:03:05
> > Delta> firewall pluto[21786]: "sh_bj" #1: message ignored because it
> > Delta> contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D)
> >
> > Why use inferior aggressive mode with PSK for openswan<->openswan?
> > It's less secure and harder than raw rsa keys.
> >
> > You can try this and let us know:
> >`
> > Index: demux.c
> > ===================================================================
> > RCS file: /xelerance/master/openswan-2/programs/pluto/demux.c,v
> > retrieving revision 1.241
> > diff -u -r1.241 demux.c
> > --- demux.c 9 Oct 2005 20:30:12 -0000 1.241
> > +++ demux.c 27 Oct 2005 05:28:26 -0000
>
> [....]
>
> That does not full work, see my logs at:
>
> http://bugs.xelerance.com/view.php?id=393
>
> Paul
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
More information about the Users
mailing list