[Openswan Users] Road Warrior behind NAT - Aggressive Mode: wrong NAT-T decision

hiren joshi joshihirenn at gmail.com
Thu Jul 17 12:10:11 EDT 2008


Sorry for posting late.

As per my previous post:

openswan --- gw --- router --- NATbox --- RW

openswan detects NAT-Traversal as "both are NATed" instead of "peer is
NATed".

Later on I receive,
DPD: Serious: could not find newest phase 1 state
DPD: Warning: received old or duplicate R_U_THERE

After some time the client breaks the connection due to not getting
DPD_R_U_THERE_ACK.

Thanks for your time.

-hiren

On Fri, Jul 11, 2008 at 11:15 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Thu, 10 Jul 2008, hiren joshi wrote:
>
> > The bug exists in 2.4.12 too.
> >
> > In aggressive mode the initiator uses port 500 to generate the hash (because
> > the packet was received on 500) and sends it in the NAT-D payload.
>
> > The responder uses 4500 to verify the received hash as it has switched to 4500.
>
> > "aggr-1"[2] 172.16.2.1 #62: NAT-Traversal: Result using RFC 3947
> > (NAT-Traversal): both are NATed
>
> Apart from seeing "both are NATed" instead of "client is NAT'ed", there should
> not be any operational difference, since NAT-T is just being enabled.
>
> Do you experience any problem?
>
> Paul
>
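Added example, not from the thread or from Openswan's source: a small model of the RFC 3947 NAT-D check (HASH(CKY-I | CKY-R | IP | Port), compared against the received NAT-D payloads) that reproduces the decision hiren describes. The cookies and addresses are constructed, SHA-1 is assumed as the phase 1 hash, and `responder_decision` is a hypothetical helper that lets the gateway plug in either the port the initiator hashed with (500) or the port it has floated to (4500) when verifying its own address.

```python
import hashlib
from ipaddress import ip_address

# Constructed example values (not from the thread): ISAKMP cookies and addresses.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
RW_PRIVATE_IP = "192.168.1.10"    # road warrior's own address behind the NATbox
NATBOX_PUBLIC_IP = "203.0.113.5"  # source address the gateway actually sees
GW_IP = "198.51.100.1"            # the openswan gateway


def natd_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, algo: str = "sha1") -> bytes:
    """RFC 3947 NAT-D payload content: HASH(CKY-I | CKY-R | IP | Port).
    'algo' stands in for the hash negotiated in phase 1 (assumed SHA-1 here);
    the port is encoded as two bytes, network byte order."""
    h = hashlib.new(algo)
    h.update(cky_i + cky_r + ip_address(ip).packed + port.to_bytes(2, "big"))
    return h.digest()


def classify_nat(my_ip: str, my_port: int, peer_ip_seen: str, peer_port_seen: int,
                 received: list) -> str:
    """NAT decision as RFC 3947 section 3.2 describes it, in Openswan's wording.
    received[0]  = the peer's hash of OUR address/port as the peer addresses us
    received[1:] = the peer's hashes of its own local address/port(s)"""
    i_am_nated = natd_hash(CKY_I, CKY_R, my_ip, my_port) != received[0]
    peer_is_nated = natd_hash(CKY_I, CKY_R, peer_ip_seen, peer_port_seen) not in received[1:]
    if i_am_nated and peer_is_nated:
        return "both are NATed"
    if peer_is_nated:
        return "peer is NATed"
    if i_am_nated:
        return "i am NATed"
    return "no NAT detected"


def initiator_natd_payloads(port: int) -> list:
    """The road warrior hashes the gateway's address and its own private
    address with the port the exchange started on (500 in the thread)."""
    return [natd_hash(CKY_I, CKY_R, GW_IP, port),
            natd_hash(CKY_I, CKY_R, RW_PRIVATE_IP, port)]


def responder_decision(verify_port: int) -> str:
    """Gateway side (hypothetical helper). The packet carrying the NAT-D payloads
    is seen from the NATbox's public address; 'verify_port' is the port the
    gateway uses when checking the hashes (500 agrees with the initiator,
    4500 is the post-float port that produces the mismatch)."""
    return classify_nat(GW_IP, verify_port, NATBOX_PUBLIC_IP, verify_port,
                        initiator_natd_payloads(500))


if __name__ == "__main__":
    print("verify with 500 :", responder_decision(500))   # peer is NATed
    print("verify with 4500:", responder_decision(4500))  # both are NATed
```

With the ports in agreement the gateway's own hash matches the initiator's first NAT-D payload, so only the road warrior (whose private address never matches what the gateway sees) is flagged as NATed. Verifying with 4500 makes the gateway's own check fail as well, which is the "both are NATed" result from the log line above.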