[Openswan Users] Packet has no Non-ESP marker

Paul Wouters paul at xelerance.com
Mon Nov 13 15:11:18 EST 2006


On Mon, 13 Nov 2006, Stefan Denker wrote:

> Nov 13 11:11:25 seikan pluto[1825]: packet from 87.78.98.213:4500: recvfrom 87.78.98.213:4500 has no Non-ESP marker
> Nov 13 11:11:56 seikan last message repeated 7 times
>
> What is this "Non-ESP marker"?

When IKE packets arrive on port-4500, they are ESP-UDP encapsulated.
This means that they really have an ESP header after the UDP packet.
If the SPI# of the ESP header is 0, then it's an IKE packet.
That's the "non-ESP marker"

Perhaps you are DNAT'ing IKE packets?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
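
The check described in the reply above, as an added example (not from the original message and not Openswan's code): the first four bytes after the UDP header on port 4500 are read as an SPI, and zero means IKE follows. The name `classify_natt` and the sample bytes are constructed for illustration; the one-byte keepalive case comes from RFC 3948.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kinds of UDP payload seen on port 4500 (layout per RFC 3948). */
enum natt_kind { NATT_TOO_SHORT, NATT_KEEPALIVE, NATT_IKE, NATT_ESP };

/* Hypothetical helper: classify the bytes that follow the UDP header.
 * On NATT_ESP, *spi receives the SPI; on NATT_IKE, *off is where IKE starts. */
enum natt_kind classify_natt(const uint8_t *p, size_t len, uint32_t *spi, size_t *off)
{
    *spi = 0;
    *off = 0;
    if (len == 1 && p[0] == 0xFF)
        return NATT_KEEPALIVE;           /* NAT-keepalive is a single 0xFF byte */
    if (len < 4)
        return NATT_TOO_SHORT;           /* no room for an SPI or a marker */
    *spi = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (*spi == 0) {
        *off = 4;                        /* non-ESP marker: IKE header follows */
        return NATT_IKE;
    }
    return NATT_ESP;                     /* non-zero SPI: ESP-in-UDP */
}

/* Constructed samples, not captured traffic. */
static const uint8_t ike_marked[] = { 0,0,0,0, 0x11,0x22,0x33,0x44, 0x55,0x66,0x77,0x88 };
static const uint8_t ike_bare[]   = { 0x11,0x22,0x33,0x44, 0x55,0x66,0x77,0x88 };
static const uint8_t keepalive[]  = { 0xFF };

int main(void)
{
    uint32_t spi; size_t off;
    static const char *names[] = { "too short", "keepalive", "IKE", "ESP" };

    printf("marked IKE : %s\n", names[classify_natt(ike_marked, sizeof ike_marked, &spi, &off)]);
    /* Without the marker, the first 4 bytes of the IKE cookie are read as an SPI. */
    printf("bare IKE   : %s", names[classify_natt(ike_bare, sizeof ike_bare, &spi, &off)]);
    printf(" (spi 0x%08x)\n", (unsigned)spi);
    printf("keepalive  : %s\n", names[classify_natt(keepalive, sizeof keepalive, &spi, &off)]);
    return 0;
}
```

The `ike_bare` sample shows why the marker matters: an IKE message sent to port 4500 without the four zero bytes is indistinguishable from ESP at this layer.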

