[Openswan Users] XL2TPD/Double NAT issue
Frank Schmirler
osusers at schmirler.de
Mon Oct 15 04:49:39 EDT 2007
On Fri, 12 Oct 2007 20:56:54 +0900, Gerald Vogt wrote
> 20:50:02.888409 IP (tos 0x0, ttl 62, id 3484, offset 0, flags
> [none], proto: UDP (17), length: 88) 1.0.0.2.49166 >
> 192.168.4.2.l2f: [bad udp cksum 563c!] l2tp:[TLS](0/0)Ns=0,Nr=0
> *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME()
> *ASSND_TUN_ID(1) *RECV_WIN_SIZE(4)
>
> The packet has a bad checksum. This only happens when the client is
> behind the NAT router as well. When the client is not behind the NAT
> router the checksums are O.K. Is this the problem why xl2tpd cannot
> read the packet?
That's exactly what happened here with openswan 2.4.7. We switched to 2.4.9
which includes the DISABLE_UDP_CHECKSUM workaround. Now the checksum is set to
0 (i.e. no checksum) and it works. Check openswan/linux/net/ipsec/ipsec_rcv.c
for the corresponding code bits. Maybe enable rcv debugging with klipsdebug to
find out why it doesn't work for you.
Good luck,
Frank
More information about the Users
mailing list