[Openswan Users] Problems with ipsec via UMTS

Paul Wouters paul at xelerance.com
Thu Mar 23 23:17:23 CET 2006


On Thu, 23 Mar 2006, Pawel Gasieniec wrote:

> I have successfully configured openswan. It now works for Linux - Linux
> permanent links and for Windows Roadwarrior (with l2tp).
> The only problem is when Roadwarrior tries to connect via UMTS (Polish
> GSM/UMTS operator named ERA).
> I noticed that sometimes (most of the time, to be precise) TCP, ICMP and
> ISAKMP packets come from one IP and UDP packets come from another. The
> result is "packet from 213.158.197.36:2658: phase 1 message is part of an
> unknown exchange" in log and, of course, no connection to Openswan.
>
> I have called them and asked for it, but the only thing they told me is that
> they do not guarantee anything but working internet browser and mail client.
> Their technicians are not responsible for anything else.

The obvious thing to do is to cancel your subscription and ask for your money
back.

The only thing I can possibly imagine is to put a NAT router in front of
openswan (or on openswan with lots of complex rules) and NAT the packets back
yourself.

Perhaps lowering the MTU on your client machine might help, and you are just
seeing some artifact of Very Bad network design.

What I don't understand is why ISAKMP packets are from a different IP than
other UDP packets, since ISAKMP packets *are* UDP packets.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

