[Openswan Users] Problems with Openswan 2.6.22 using Aggressive Mode and NAT-T

David McCullough David_Mccullough at securecomputing.com
Wed Sep 16 06:14:01 EDT 2009


Jivin Martin Schiller lays it down ...
> Hi!
> 
> I've got some problems with Openswan 2.6.22 using Aggressive Mode and NAT-T.
> 
> The test-scenario looks like this:
> 
> - 2 identical machines with Openswan 2.6.22 running on them
> - a NAT gateway between the two machines
> 
> The problem:
> "NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negotiation"
> 
> I think the problem is only in the responder part of the nat-t code, because when I use Openswan 
> 2.4.14 on the responder, everything works OK.
> 
> For more details, have a look on the attached log-files.
> 
> Aggr-NAT-T-2.6.22.log: 2.6.22 <-> 2.6.22 => FAILURE
> Aggr-NAT-T-2.4.14.log: 2.4.14 <-> 2.4.14 => OK
> Aggr-NAT-T-mix.log:    2.6.22 <-> 2.4.14 => OK

I just commited code for this exact problem.  Try the attached patch,
which is for something closer to 2.6.23 but should apply to 2.6.22 as well.
Let us know how it goes,  it's working for me here but more testing can't
hurt ;-)

Cheers,
Davidm

-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-aggr-nat-d.patch
Type: text/x-diff
Size: 2939 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090916/047caef8/attachment.bin 


More information about the Users mailing list