[Openswan Users] Pluto dumps core with natted client

Stefan Denker Stefan at dn-kr.de
Fri May 12 00:52:47 CEST 2006


On Tue, May 09, 2006 at 06:03:07PM +0200, Paul Wouters wrote:
>> pluto[20056]: "conntest"[2] $remote_public_ip:4500 #2: ASSERTION FAILED at kernel.c:2037: st->st_esp.keymat_len == (key_len + ei->authkeylen)
> openswan-2.2.x has known crashers. Please upgrade.

Done that. The "door stop" now got a backport of Openswan 2.4.5 from
Debian Sid. (Before anyone asks I compiled it myself)
Connection works fine now. 

Well, almost. 
"iptables -t mangle -A PREROUTING -i ppp0 -p esp -j MARK --set-mark 1"
seems not to work on "type=tunnel" Anyone knowing some method of marking
encrypted packets? 

Next step: Switching to Certificates...

Thanks for the hints!

Stefan

-- 
141 Reasons why you can't find your system administrator:
68.It's 9 AM. He/she is not working that late.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20060511/8a54ae32/attachment.bin


More information about the Users mailing list