[Openswan Users] XL2TPD/Double NAT issue

Frank Schmirler osusers at schmirler.de
Mon Oct 15 04:49:39 EDT 2007


On Fri, 12 Oct 2007 20:56:54 +0900, Gerald Vogt wrote
> 20:50:02.888409 IP (tos 0x0, ttl  62, id 3484, offset 0, flags 
> [none], proto: UDP (17), length: 88) 1.0.0.2.49166 > 
> 192.168.4.2.l2f: [bad udp cksum 563c!]  l2tp:[TLS](0/0)Ns=0,Nr=0 
> *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME()
>  *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
> 
> The packet has a bad checksum. This only happens when the client is 
> behind the NAT router as well. When the client is not behind the NAT 
> router the checksums are O.K. Is this the problem why xl2tpd cannot 
> read the packet?

That's exactly what happened here with openswan 2.4.7. We switched to 2.4.9
which includes the DISABLE_UDP_CHECKSUM workaround. Now the checksum is set to
0 (i.e. no checksum) and it works. Check openswan/linux/net/ipsec/ipsec_rcv.c
for the corresponding code bits. Maybe enable rcv debugging with klipsdebug to
find out why it doesn't work for you.

Good luck,
Frank
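
Added example, not part of the original message and not Openswan's ipsec_rcv.c code: the UDP checksum covers a pseudo-header that includes the IP source and destination addresses, so a datagram checksummed with the client's private address fails verification once the receiver sees the NAT'd address, while a checksum field of 0 is accepted as "not computed". The address 1.0.0.2, 192.168.4.2 and the ports come from the trace above; the private address 192.168.1.10, the payload and all function names are constructed for illustration, and only the source address is changed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* NATTED and DST are taken from the trace above; INNER is a constructed
   example of the client's private address (assumption). */
const uint8_t INNER[4]  = {192, 168, 1, 10};
const uint8_t NATTED[4] = {1, 0, 0, 2};
const uint8_t DST[4]    = {192, 168, 4, 2};

/* Add the big-endian 16-bit words of a buffer to a running sum. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;            /* odd byte, zero padded */
    return acc;
}

/* Folded one's-complement sum over pseudo-header + UDP segment (RFC 768). */
uint16_t udp_sum(const uint8_t *src, const uint8_t *dst,
                 const uint8_t *udp, size_t len) {
    uint32_t acc = sum16(src, 4, 0);
    acc = sum16(dst, 4, acc) + 17 + (uint32_t)len; /* proto 17, UDP length */
    acc = sum16(udp, len, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Receiver side: a checksum field of 0 means "not computed", so skip it. */
int udp_verify(const uint8_t *src, const uint8_t *dst,
               const uint8_t *udp, size_t len) {
    if (udp[6] == 0 && udp[7] == 0) return 1;
    return udp_sum(src, dst, udp, len) == 0xffff;
}

/* Sender checksums the datagram with INNER as source; the receiver verifies
   it against seen_src. zero_cksum models clearing the field on receipt. */
int scenario(const uint8_t *seen_src, int zero_cksum) {
    /* ports 49166 -> 1701, length 12, constructed 4-byte payload */
    uint8_t udp[12] = {0xC0, 0x0E, 0x06, 0xA5, 0, 12, 0, 0, 'L', '2', 'T', 'P'};
    uint16_t c = (uint16_t)~udp_sum(INNER, DST, udp, sizeof udp);
    if (c == 0) c = 0xffff;                       /* 0 is reserved */
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)(c & 0xff);
    if (zero_cksum) udp[6] = udp[7] = 0;
    return udp_verify(seen_src, DST, udp, sizeof udp);
}

int main(void) {
    printf("no NAT: %d\n", scenario(INNER, 0));
    printf("NAT, checksum kept: %d\n", scenario(NATTED, 0));
    printf("NAT, checksum zeroed: %d\n", scenario(NATTED, 1));
    return 0;
}
```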

