[Openswan Users] vpn connection after internet reconnect

Paul Wouters paul at xelerance.com
Sun Nov 26 13:38:56 EST 2006

On Sat, 25 Nov 2006, Michael Richardson wrote:

> >>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>     >> No, just the laptop and no l2tp. It all works until the natbox
>     >> changes its external IP. Then the "right" host sees the packages
>     >> coming from a wrong IP and drops them.
>     Paul> Interesting. Michael, is there any reason to drop these? After
>     Paul> all, we are just discarding the ESPinUDP header, so why would
>     Paul> we care if it came from another IP? It's just fancy wrapping
>     Paul> paper. What we get after decapsulation is an ESP packet with a
>     Paul> source IP of the original NAT'ed IP address, regardless of what
>     Paul> the NAT router's IP is.
>   We shouldn't be dropping it... we should in fact be telling PLUTO
> about the new mapping.
>   It's a hard test case to create, btw.

Is it? Can't "nic" just run NAT over the udp 4500 packets?

In any case, I'll file a bug report so we don't forget about this case.
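
Added example, not part of the original message and not Openswan or KLIPS code: a sketch of the behaviour discussed in this thread, where the SA is selected by SPI from the UDP 4500 payload (framing per RFC 3948) and a changed outer source address updates the stored NAT mapping instead of causing a drop. All function and struct names are hypothetical, the packet bytes and addresses are constructed, and icv_ok is assumed to be the result of the ESP integrity check.

```c
/* Added illustration, not Openswan/KLIPS code; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pkt_kind { PKT_INVALID, PKT_KEEPALIVE, PKT_IKE, PKT_ESP };

/* Classify a UDP/4500 payload by the RFC 3948 framing rules. */
enum pkt_kind classify_4500(const uint8_t *p, size_t len, uint32_t *spi)
{
    if (len == 1 && p[0] == 0xFF)
        return PKT_KEEPALIVE;             /* NAT-keepalive is a single 0xFF byte */
    if (len < 8)
        return PKT_INVALID;               /* no room for SPI + sequence number */
    *spi = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return *spi == 0 ? PKT_IKE : PKT_ESP; /* four zero bytes = non-ESP marker */
}

struct sa_peer {
    uint32_t spi;         /* inbound SPI that selects the SA */
    uint32_t outer_ip;    /* last seen public address of the NAT box */
    uint16_t outer_port;  /* last seen NAT source port */
};

/* 1: mapping changed (keying daemon should be told), 0: unchanged, -1: ignored.
 * icv_ok is assumed to be the result of the ESP integrity check, so an
 * unauthenticated packet can never move the peer's endpoint. */
int track_outer_endpoint(struct sa_peer *sa, uint32_t spi, int icv_ok,
                         uint32_t src_ip, uint16_t src_port)
{
    if (spi != sa->spi || !icv_ok)
        return -1;
    if (src_ip == sa->outer_ip && src_port == sa->outer_port)
        return 0;
    sa->outer_ip = src_ip;
    sa->outer_port = src_port;
    return 1;
}

int main(void)
{
    /* Constructed sample: SPI 0x1000beef, sequence 1, no real ciphertext. */
    const uint8_t esp[] = { 0x10, 0x00, 0xbe, 0xef, 0, 0, 0, 1, 0xaa, 0xbb };
    struct sa_peer sa = { 0x1000beefu, 0xC000020Au, 4500 };  /* 192.0.2.10 */
    uint32_t spi = 0;
    if (classify_4500(esp, sizeof esp, &spi) == PKT_ESP)     /* NAT now 198.51.100.7 */
        printf("%d\n", track_outer_endpoint(&sa, spi, 1, 0xC6336407u, 61001));
    return 0;
}
```

Gating the update on the integrity check is the part that matters for security: a spoofed UDP 4500 packet with a guessed SPI must not be able to redirect return traffic.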

