[Openswan Users] Error:Informational Exchange is for an unknown (expired?) SA

Fri Mar 30 15:38:28 EDT 2012

Hi Tuomo,

   Thanks for your prompt reply :)

Could you please specify the section of RFC or section of IETF draft,
which talks about dynamic update of the  other ends IP address in NAT
traversal, so that we can implement the same?

Regards,
Saravanan N

On Sat, Mar 31, 2012 at 12:55 AM, Tuomo Soini <tis at foobar.fi> wrote:

> On Fri, 30 Mar 2012 18:34:11 +0530
> SaRaVanAn <saravanan.nagarajan87 at gmail.com> wrote:
>
> > Hi,
> >   It seems , dynamic update of the  other ends IP address in NAT
> > traversal is not supported in OpenSwan.
> > According to rfc4306, it should be supported as part of NAT traversal.
> > Please find the topology and issue I m facing out of this.
>
> Yes. that's propably true. Only change of the nat-t port is supported
> currently. Getting NAT-T support in IKEv2 would be a higher priority
> currently.
>
> Though if you do part of the work, someone with openswan would probably
> help and pick it up.
>
> Alternatively, asking one of the openswan developers or asking the
> mailing list for any companies to see if they are available to
> implement this as a support contract is an option available to you.
>
> > Do Openswan have planned to implement dynamic IP address update
> > feature in NAT-T ??
>
> Patches are very welcome.
>
> --
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openswan.org/pipermail/users/attachments/20120331/d14a34c4/attachment.html>