[Openswan Users] KLIPS 2.4.2dr1 is broken with NAT-T

Paul Wouters paul at xelerance.com
Fri Oct 14 17:34:13 CEST 2005


On Fri, 14 Oct 2005, Marco Berizzi wrote:

> KLIPS 2.4.2dr1 is broken when NAT-T is enabled in ipsec.conf
> ipsec barf is attached. KLIPS & Pluto debug were set to all.
>
> Any response are welcome.

We released 2.4.2dr2 yesterday that should fix that issue. Could
you try that and confirm that problem has ben resolved?

Paul

> Marco Berizzi wrote:
>
>> I'm reposting because previous message was tagged as
>> spam.
>> Sorry.
>> 
>> Marco Berizzi wrote:
>> 
>> > Hello everybody.
>> > I have a problem with klips 2.4.2dr1 with linux 2.4.31
>> > The problem isn't related to userland tools version,
>> > only KLIPS version.
>> > Our ISP router is configured with some kind of QoS to
>> > give priority to VoIP traffic. This QoS is implemented
>> > on source IP packet. I have no control over this router.
>> > Briefly: KLIPS 2.3.1 is working ok. KLIPS 2.4.2dr1:
>> > connections are frozen in Phase 1.
>> >
>> > Is there any packet format/flow change between KLIPS
>> > 2.3.1 and KLIPS 2.4.2dr1?
>> >
>> > Running KLIPS 2.3.1 + userland 2.4.2dr1 are fine.
>> 
>> See attach for /var/log/secure
>> plutodebug is set to control.
>> This log was written by OSW 2.4.2dr1 (both KLIPS and
>> pluto) on linux 2.4.31. KLIPS is patched with NAT-T.
>> 
>
>

-- 

"Happiness is never grand"

 	--- Mustapha Mond, World Controller (Brave New World)


More information about the Users mailing list