[Openswan Users] Road Warrior behind NAT - Aggressive Mode: wrong NAT-T decision

hiren joshi joshihirenn at gmail.com
Fri Jul 11 02:33:25 EDT 2008


The bug exists in 2.4.12 too.

In aggressive mode the initiator uses port 500 to generate the hash (because the
packet was received on 500) and sends it in the NAT-D payload.

"htoh" #4: Aggressive mode peer ID is ID_IPV4_ADDR: '172.16.2.2'
| _natd_hash: hasher=0x80eab00(16)
| _natd_hash: icookie=
|   a3 87 5b b4  de d8 47 76
| _natd_hash: rcookie=
|   99 fc e2 0c  65 1a 3e 79
| _natd_hash: ip=  ac 10 02 02
| _natd_hash: port=500
| _natd_hash: hash=  61 47 3f 04  ef 22 98 c9  2b b1 5b 87  e3 2b f6 40

The responder uses 4500 to verify the received hash as it has switched to 4500.

"aggr-1"[2] 172.16.2.1 #62: STATE_AGGR_R1: sent AR1, expecting AI2
| processing connection aggr-1[2] 172.16.2.1
| _natd_hash: hasher=0x80eab00(16)
| _natd_hash: icookie=
|   a3 87 5b b4  de d8 47 76
| _natd_hash: rcookie=
|   99 fc e2 0c  65 1a 3e 79
| _natd_hash: ip=  ac 10 02 02
| _natd_hash: port=4500
| _natd_hash: hash=  a7 0c 8c ed  b5 b0 ed 0f  33 7d 4f 39  f1 7e d3 ee
...
| expected NAT-D(me):  a7 0c 8c ed  b5 b0 ed 0f  33 7d 4f 39  f1 7e d3 ee
| expected NAT-D(him):
|   a4 77 17 54  20 77 12 1f  cf c2 80 ff  98 0e 51 a1
| received NAT-D:  61 47 3f 04  ef 22 98 c9  2b b1 5b 87  e3 2b f6 40
| NAT_TRAVERSAL hash=1 (me:0) (him:0)
...
| NAT_TRAVERSAL hash=2 (me:0) (him:0)
"aggr-1"[2] 172.16.2.1 #62: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): both are NATed

I didn't find any help from http://tools.ietf.org/html/rfc3947.


Thanks for your time.

-hiren
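
The mismatch described in the message above, as an added example that is not part of the original post and is not Openswan's code. It computes the RFC 3947 NAT-D hash, HASH(CKY-I | CKY-R | IP | Port), from the cookies and addresses in the log and shows that a verifier using port 4500 against hashes built with port 500 reports NAT on both sides although no address changed. Assumptions: MD5 is inferred from the 16-byte hasher size in the log, the initiator's own NAT-D hash also uses port 500, and all function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

# Values taken from the log in the post above.
ICOOKIE = bytes.fromhex("a3875bb4ded84776")
RCOOKIE = bytes.fromhex("99fce20c651a3e79")
RESPONDER_IP = "172.16.2.2"
INITIATOR_IP = "172.16.2.1"


def natd_hash(icookie, rcookie, ip, port, hash_name="md5"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port).
    The port is a 2-byte network-order value. MD5 is an assumption."""
    h = hashlib.new(hash_name)
    h.update(icookie)
    h.update(rcookie)
    h.update(ipaddress.ip_address(ip).packed)
    h.update(struct.pack("!H", port))
    return h.digest()


def initiator_natd(port):
    """NAT-D payloads as the initiator sends them: first the destination
    (responder) hash, then its own source hash, both with the given port."""
    return [natd_hash(ICOOKIE, RCOOKIE, RESPONDER_IP, port),
            natd_hash(ICOOKIE, RCOOKIE, INITIATOR_IP, port)]


def detect_nat(received, me, him):
    """Responder-side check. 'me' and 'him' are (ip, port) tuples as the
    responder sees them. Returns (me_natted, him_natted)."""
    expected_me = natd_hash(ICOOKIE, RCOOKIE, *me)
    expected_him = natd_hash(ICOOKIE, RCOOKIE, *him)
    me_natted = received[0] != expected_me          # first payload = destination
    him_natted = expected_him not in received[1:]   # remaining payloads = source
    return me_natted, him_natted


def demo():
    sent = initiator_natd(500)  # initiator hashed with port 500
    # Responder already floated to 4500: same IPs, different port in the hash.
    buggy = detect_nat(sent, (RESPONDER_IP, 4500), (INITIATOR_IP, 4500))
    # Responder verifies with the port the hashes were built for.
    consistent = detect_nat(sent, (RESPONDER_IP, 500), (INITIATOR_IP, 500))
    return buggy, consistent


if __name__ == "__main__":
    print(demo())
```
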