[Vpn-help] Shrew v. 2.1.4 Openswan 2.4.6.1
Stefan Bauer
stefan.bauer at plzk.de
Thu Nov 20 13:54:30 CST 2008
Matthew Grooms schrieb:
> The best advice I can give you is to examine the OpenSWAN log output on
> the Linux host. My hunch is that it failed to validate the certificate
> for some reason, sends a notification to that effect and re-transmits
> the 4th packet. All of this seems very reasonable. Sorry I can't offer a
> more specific solution to your problem :/
Hi Matthew,
thank you for your response. It seems that the NAT-Box at Roadwarrior
site is doing something nasty. Please see below the openswan logs:
klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [1].
klips_debug: IP: ihl:20 ver:4 tos:0 tlen:340 id:53077 frag_off:0
ttl:54 proto:17 (UDP) chk:39239 saddr:85.181.187.62:500 daddr:10.8.0.1:500
klips_debug:ipsec_rcv: IKE packet - not handled here
klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [1].
klips_debug: IP: ihl:20 ver:4 tos:0 tlen:265 id:53333 frag_off:0
ttl:54 proto:17 (UDP) chk:39058 saddr:85.181.187.62:500 daddr:10.8.0.1:500
klips_debug:ipsec_rcv: IKE packet - not handled here
klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
klips_debug: IP: ihl:20 ver:4 tos:0 tlen:1668 id:53589 frag_off:0
ttl:54 proto:17 (UDP) chk:37399 saddr:85.181.187.62:4500
daddr:10.8.0.1:4500
klips_debug:ipsec_rcv: IKE packet - not handled here
Any ideas about that?
Regards
--
stefan
More information about the vpn-help
mailing list