[Openswan Users] Problem with tunnel (both are natted)
hiren joshi
joshihirenn at gmail.com
Mon Mar 30 10:10:55 EDT 2009
> BUT it does not work! The problem is that everything works fine if there is
> no NAT or only Server-NAT or only Client-NAT.
> BUT IT STILL DOES NOT WANT TO WORK IF BOTH SIDES ARE NATTED... (Please
Perhaps you are facing the following:
1. No NAT: Client does not send NAT-OA payload, Openswan disables UDP
checksum protection -> works
2. Server NATed: Client does not send NAT-OA payload, Openswan disables
UDP checksum protection -> works
3. Client NATed: Client sends NAT-OA payload, Openswan corrects
checksum by calculating it incrementally using NAT-OA -> works
4. Both are NATed: Client sends NAT-OA payload, Openswan tries to
correct checksum using NAT-OA -> fails as it uses wrong destination
address to calculate the checksum (it does not know the destination
address client uses to send packets - this requires implementation of
RFC-3947)
The solution is to disable UDP checksum recalculation.
From CHANGES:
v2.4.8
...
* Added and enabled DISABLE_UDP_CHECKSUM until the cause of this bug
has been fixed. This is bug#601. Found by Frank Vogt
Hope this helps.
Regards,
Hiren
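
Cases 3 and 4 from the reply above, worked through as an added example (not part of the original post and not Openswan code). It assumes UDP-encapsulated transport mode; the addresses, ports and payload are constructed, and the names `udp_csum` and `csum_fix_addr` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed addresses (documentation/private ranges), not from the thread. */
#define CLIENT_PRIV 0xC0A8010Au /* 192.168.1.10, client's real address (NAT-OA) */
#define CLIENT_PUB  0xCB007105u /* 203.0.113.5,  client as the server sees it    */
#define SERVER_PUB  0xC6336407u /* 198.51.100.7, destination the client used     */
#define SERVER_PRIV 0x0A000014u /* 10.0.0.20,    server's real address           */

static uint16_t fold(uint32_t s) {            /* end-around carry to 16 bits */
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}
static uint32_t words(uint32_t a) { return (a >> 16) + (a & 0xffff); }

/* Full UDP checksum: IPv4 pseudo-header + UDP header + payload. */
uint16_t udp_csum(uint32_t src, uint32_t dst, uint16_t sport, uint16_t dport,
                  const uint8_t *p, size_t len) {
    uint32_t ulen = 8 + (uint32_t)len;
    uint32_t s = words(src) + words(dst) + 17 + ulen + sport + dport + ulen;
    for (size_t i = 0; i < len; i++)
        s += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    uint16_t c = (uint16_t)~fold(s);
    return c ? c : 0xffff;                    /* 0 means "no checksum" in UDP */
}

/* RFC 1624 incremental update for one rewritten address: HC' = ~(~HC + ~m + m'). */
uint16_t csum_fix_addr(uint16_t csum, uint32_t old_a, uint32_t new_a) {
    uint32_t s = (uint16_t)~csum;
    s += (uint16_t)~(old_a >> 16);
    s += (uint16_t)~(old_a & 0xffff);
    s += words(new_a);
    uint16_t c = (uint16_t)~fold(s);
    return c ? c : 0xffff;
}

int main(void) {
    const uint8_t payload[] = "constructed L2TP-like payload";
    size_t n = sizeof payload - 1;
    uint16_t sent = udp_csum(CLIENT_PRIV, SERVER_PUB, 1701, 1701, payload, n);
    uint16_t want = udp_csum(CLIENT_PUB, SERVER_PRIV, 1701, 1701, payload, n);
    uint16_t src_only = csum_fix_addr(sent, CLIENT_PRIV, CLIENT_PUB);
    uint16_t both = csum_fix_addr(src_only, SERVER_PUB, SERVER_PRIV);
    printf("sent=%04x want=%04x src-only=%04x both=%04x\n", sent, want, src_only, both);
    return 0;
}
```

The source-only correction matches the expected checksum only when the destination was not rewritten; with both sides NATed the receiver also needs the destination address the sender used.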