[Vpn-help] Shrew v. 2.1.4 Openswan 2.4.6.1

Stefan Bauer stefan.bauer at plzk.de
Thu Nov 20 13:54:30 CST 2008


Matthew Grooms schrieb:
> The best advice I can give you is to examine the OpenSWAN log output on 
> the Linux host. My hunch is that it failed to validate the certificate 
> for some reason, sends a notification to that effect and re-transmits 
> the 4th packet. All of this seems very reasonable. Sorry I can't offer a 
> more specific solution to your problem :/

Hi Matthew,

thank you for your response. It seems that the NAT-Box at Roadwarrior
site is doing something nasty. Please see below the openswan logs:

klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [1].
klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:340 id:53077 frag_off:0
ttl:54 proto:17 (UDP) chk:39239 saddr:85.181.187.62:500 daddr:10.8.0.1:500
klips_debug:ipsec_rcv: IKE packet - not handled here
klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [1].
klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:265 id:53333 frag_off:0
ttl:54 proto:17 (UDP) chk:39058 saddr:85.181.187.62:500 daddr:10.8.0.1:500
klips_debug:ipsec_rcv: IKE packet - not handled here
klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:1668 id:53589 frag_off:0
ttl:54 proto:17 (UDP) chk:37399 saddr:85.181.187.62:4500
daddr:10.8.0.1:4500
klips_debug:ipsec_rcv: IKE packet - not handled here

Any ideas about that?

Regards

-- 

stefan



More information about the vpn-help mailing list