[Openswan Users] Mac OS X 10.4.3 <-> Openswan
Paul Wouters
paul at xelerance.com
Wed Nov 23 22:03:36 CET 2005
On Wed, 23 Nov 2005, Jacco de Leeuw wrote:
> http://bugs.xelerance.com/view.php?id=462
>
> If you use nat_traversal=yes then Openswan will always come to the conclusion
> that both peers are NATed if a Mac connects. But if none of the peers are
> actually NATed and you still use nat_traversal=yes then the connection will
> not work (see log below). You would have to use nat_traversal=no. But that
> will shut out NATed clients.
I see. So this is not macosx specific indeed. This looks like a manifestation of
http://bugs.xelerance.com/view.php?id=442
Can you try this patch:
--- nat_traversal.c 2005-11-23 21:20:45.000000000 +0100
+++ nat_traversal.c.new 2005-11-23 21:21:17.000000000 +0100
@@ -378,7 +378,7 @@
, st->st_icookie
, is_zero_cookie(st->st_rcookie) ? md->hdr.isa_rcookie : st->st_rcookie
, &(md->iface->ip_addr)
- , ntohs(st->st_remoteport));
+ , ntohs(st->st_localport));
}
return (out_generic_raw(np, &isakmp_nat_d, outs,
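Review bot: The changed argument `ntohs(st->st_localport)` takes the port from `st`, while the address passed on the line above it, `&(md->iface->ip_addr)`, comes from the interface recorded in `md`. If those two sources can ever disagree, this NAT-D hash would again fail to match what the peer computes for our end. Consider taking the address and port from the same structure, or add a short comment above this call saying it builds the NAT-D payload for the local end and why `st_localport` is always the port of `md->iface`. Such a comment would also make a remote/local mix-up like the one on the removed line easier to spot in future.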
For me behind NAT it still incorrectly shows "both are NATed", but it does
work. I wonder though if it now works for a macosx machine on public IP.
If anyone is online with MacOSX on a public IP, yank my chain and I can give
you the information to run against my l2tp test server.
Find me online at:
Letoto on irc.freenode.net #openswan
PaulWouters at jabber.org
9944856 on AOL/AIM
Paul