[Openswan Users] Connection Stuck on STATE_MAIN_I3
Paul Wouters
paul at xelerance.com
Tue Jan 31 16:12:44 CET 2006
On Mon, 30 Jan 2006, Carlos Prieto wrote:
> So, it seems the Main Initiator Phase 3 from the client, does not reach the
> VPN gateway, the Client says it sent it, but the Gateway claims it'is
> missing.
>
> NATed IPsec
> Client Gateway
>
> MI1 ---------->
> <---------- MR1
> MI2 ---------->
> <---------- MR2
> MI3 ----------> ( LOST ! )
> <---------- MR3 ( NEVER COMES ! )
>
> However, if i move this client, to a non-NATed connection, the
> connection success.
this might be an mtu issue. As a workaround try adding fragicmp=yes on
both ends? This should be fixed in 2.4.5 (released soon)
Paul
More information about the Users
mailing list