[Openswan Users] mac os x 10.5.6 is not working when it has a public IP but works if behind a NAT

Paul Wouters paul at xelerance.com
Thu Apr 23 11:35:30 EDT 2009


On Wed, 22 Apr 2009, Kailesh Mussai wrote:

> The same setup works for older Mac OS X for both public IP and for NAT,
> also works with Windows XP and linux.  I am having issues with the newest
> Mac OS X 10.5.  I attached the logs and if I disable nat_traversal, then
> I able to connect.
>
> I cannot tell if it's Mac OS X bug or if it is my setup missing
> something.

>From your logs:

"roadwarrior-l2tp-updatedwin"[4] 132.206.51.33 #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected

"roadwarrior-l2tp"[1] 132.206.51.33 #6: ENCAPSULATION_MODE_UDP_TRANSPORT must only be used if NAT-Traversal is detected

> Openswan version:
> Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)

Please upgrade to openswan 2.4.14.

You say OSX is nat'ed when it fails, but it seems the NAT-Traversal detection
did not find any NAT, so it won't allow NAT-Traversal.

What happens if you enable forceencaps=yes? What that option does is lie
about our IP, so that it triggers the "NAT detected".

Can you send me a plutodebug=all output of your OSX behind NAT, with and
without this forceencaps option? Preferably, send these logs to a new bug
report on bugs.openswan.org, and mail the list a link to the bug report.

Paul


More information about the Users mailing list