[Openswan Users] L2TP/IPSEC response unencrypted (was openswan-2.6.24rc1 NATed MacOS Kernel crash)
Paul Wouters
paul at xelerance.com
Mon Oct 26 18:21:00 EDT 2009
On Mon, 26 Oct 2009, Giovani Moda wrote:
>> Will do some more tests later on and let you know.
>
> Confirmed, I'm getting unencrypted server-to-client responses on
> external interface (eth0) when using KLIPS with NAT-T. Is this still
> #1004? The client is an XP SP2 box, connecting through Linux doing NAT.
> Here are the logs:
Can you check if there is a host route into the ipsecX device just after
the tunnel establishes, but before you receive the delete request from
the client?
This would suggest either a misconfiguration of the nexthop settings, or
a bug in the _updown.klips script.
Paul