Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
From: Egerváry Gergely <gergely%egervary.hu@localhost>
Date: Fri, 13 Jun 2014 16:44:32 +0200

Hi Hiroki,

Thank you for your help. Without your sadb_msg patch I get these
messages from racoon on the server (public IP) side:

racoon: INFO: IPsec-SA established: ESP/Transport
193.225.174.14[500]->193.225.174.1[500] spi=142774671(0x882918f)
racoon: INFO: IPsec-SA established: ESP/Transport
193.225.174.14[500]->193.225.174.1[500] spi=156259458(0x9505482)

... and these from racoon on the client (behind NAT) side:

racoon: INFO: IPsec-SA established: ESP/Transport
10.0.0.20[500]->193.225.174.14[500] spi=60514983(0x39b62a7)
racoon: INFO: IPsec-SA established: ESP/Transport
10.0.0.20[500]->193.225.174.14[500] spi=188879077(0xb4210e5)

with your patch, on the server side:

racoon: INFO: IPsec-SA established: ESP/Transport
193.225.174.14[4500]->193.225.174.1[21230] spi=214723282(0xccc6ad2)
racoon: INFO: IPsec-SA established: ESP/Transport
193.225.174.14[4500]->193.225.174.1[21230] spi=17298023(0x107f267)

and on the client side:

racoon: INFO: IPsec-SA established: ESP/Transport
10.0.0.20[4500]->193.225.174.14[4500] spi=17298023(0x107f267)
racoon: INFO: IPsec-SA established: ESP/Transport
10.0.0.20[4500]->193.225.174.14[4500] spi=214723282(0xccc6ad2)

looks a bit better. setkey -D on the server side:

193.225.174.14[4500] 193.225.174.1[21230]
        esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)
...
193.225.174.1[21230] 193.225.174.14[4500]
        esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)

and on the client side:
10.0.0.20[4500] 193.225.174.14[4500]
        esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)
193.225.174.14[4500] 10.0.0.20[4500]
        esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)

IP reference:
  Client internal (NAT) address: 10.0.0.20
  NAT box external address: 193.225.174.1
  Server external address: 193.115.174.14

btw, I do not see endianness issues here.

-- 
Egerváry Gergely
<gergely%egervary.hu@localhost>

References:
- Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
  - From: SUENAGA Hiroki

Prev by Date: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Next by Date: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Previous by Thread: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Next by Thread: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Indexes:

Home | Main Index | Thread Index | Old Index