NetBSD-Bugs archive


Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports



Now I'm testing on NetBSD-6.99.43 (Tue Jun  3 23:27:56 CEST 2014) and
it still does not work when the client is behind NAT; I get udp/500
instead of udp/4500:

Jun  3 23:58:25 sandbox racoon: INFO: respond new phase 1 negotiation:
server.ip.address[500]<=>client.ip.address[500]
Jun  3 23:58:25 sandbox racoon: INFO: begin Identity Protection mode.
Jun  3 23:58:25 sandbox racoon: INFO: received broken Microsoft ID: MS
NT5 ISAKMPOAKLEY
Jun  3 23:58:25 sandbox racoon: INFO: received Vendor ID: RFC 3947
Jun  3 23:58:25 sandbox racoon: INFO: received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02
Jun  3 23:58:25 sandbox racoon: INFO: received Vendor ID: FRAGMENTATION
Jun  3 23:58:25 sandbox racoon: [client.ip.address] INFO: Selected NAT-T
version: RFC 3947
Jun  3 23:58:25 sandbox racoon: ERROR: invalid DH group 20.
Jun  3 23:58:25 sandbox racoon: ERROR: invalid DH group 19.
Jun  3 23:58:25 sandbox racoon: [server.ip.address] INFO: Hashing
server.ip.address[500] with algo #2
Jun  3 23:58:25 sandbox racoon: INFO: NAT-D payload #0 verified
Jun  3 23:58:25 sandbox racoon: [client.ip.address] INFO: Hashing
client.ip.address[500] with algo #2
Jun  3 23:58:25 sandbox racoon: INFO: NAT-D payload #1 doesn't match
Jun  3 23:58:25 sandbox racoon: INFO: NAT detected: PEER
Jun  3 23:58:25 sandbox racoon: [client.ip.address] INFO: Hashing
client.ip.address[500] with algo #2
Jun  3 23:58:25 sandbox racoon: [server.ip.address] INFO: Hashing
server.ip.address[500] with algo #2
Jun  3 23:58:25 sandbox racoon: INFO: Adding remote and local NAT-D
payloads.
Jun  3 23:58:25 sandbox racoon: INFO: NAT-T: ports changed to:
client.ip.address[4500]<->server.ip.address[4500]
Jun  3 23:58:25 sandbox racoon: INFO: KA list add:
server.ip.address[4500]->client.ip.address[4500]
Jun  3 23:58:25 sandbox racoon: INFO: ISAKMP-SA established
server.ip.address[4500]-client.ip.address[4500]
spi:b7055991cbd8c99c:7633ebfe9ba94261
Jun  3 23:58:25 sandbox racoon: INFO: respond new phase 2 negotiation:
server.ip.address[4500]<=>client.ip.address[4500]
Jun  3 23:58:25 sandbox racoon: INFO: Adjusting my encmode
UDP-Transport->Transport
Jun  3 23:58:25 sandbox racoon: INFO: Adjusting peer's encmode
UDP-Transport(4)->Transport(2)
Jun  3 23:58:25 sandbox racoon: INFO: IPsec-SA established:
ESP/Transport server.ip.address[500]->client.ip.address[500]
spi=166530160(0x9ed0c70)
Jun  3 23:58:25 sandbox racoon: INFO: IPsec-SA established:
ESP/Transport server.ip.address[500]->client.ip.address[500]
spi=1453915857(0x56a8fed1)

Any ideas how to fix this issue?
Thank you.
-- 
Gergely EGERVARY
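
A way to flag this symptom in racoon logs automatically, as an added example that is not part of the original message or of racoon itself: it compares the ports in each "IPsec-SA established" line with the ports announced by the preceding "NAT-T: ports changed to" line for the same address pair. It assumes one log message per line (unwrapped, unlike the mail above); the addresses and SPI values in SAMPLE are constructed.

```python
import re

# Message formats follow the racoon log lines quoted in the report above.
# Assumption: each message is on a single line (no mail-client wrapping).
FLOAT_RE = re.compile(
    r"NAT-T: ports changed to: (\S+)\[(\d+)\]<->(\S+)\[(\d+)\]")
SA_RE = re.compile(
    r"IPsec-SA established: (\S+) (\S+)\[(\d+)\]->(\S+)\[(\d+)\]\s+spi=(\d+)")

# Constructed sample: first peer shows the reported symptom, second is healthy.
SAMPLE = [
    "Jun  3 23:58:25 sandbox racoon: INFO: NAT-T: ports changed to: 198.51.100.7[4500]<->192.0.2.1[4500]",
    "Jun  3 23:58:25 sandbox racoon: INFO: IPsec-SA established: ESP/Transport 192.0.2.1[500]->198.51.100.7[500] spi=1001(0x3e9)",
    "Jun  3 23:59:01 sandbox racoon: INFO: NAT-T: ports changed to: 203.0.113.9[4500]<->192.0.2.1[4500]",
    "Jun  3 23:59:01 sandbox racoon: INFO: IPsec-SA established: ESP/Transport 192.0.2.1[4500]->203.0.113.9[4500] spi=1002(0x3ea)",
]


def find_port_mismatches(lines):
    """Return IPsec-SAs whose logged ports differ from the NAT-T floated ports."""
    floated = {}    # frozenset({addr_a, addr_b}) -> {addr: floated port}
    findings = []
    for line in lines:
        m = FLOAT_RE.search(line)
        if m:
            a, pa, b, pb = m.groups()
            floated[frozenset((a, b))] = {a: int(pa), b: int(pb)}
            continue
        m = SA_RE.search(line)
        if not m:
            continue
        proto, src, sport, dst, dport, spi = m.groups()
        want = floated.get(frozenset((src, dst)))
        if want is None:
            continue    # no NAT-T port float seen for this address pair
        got = {src: int(sport), dst: int(dport)}
        if got != want:
            findings.append({"spi": int(spi), "proto": proto,
                             "logged": got, "expected": want})
    return findings


if __name__ == "__main__":
    for finding in find_port_mismatches(SAMPLE):
        print(finding)
```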



