[strongSwan] NAT port 4500 collisions
Johannes Hubertz
johannes at hubertz.de
Fri Jul 5 12:13:01 CEST 2013
Hello Daniel and listmembers,
On 04.07.2013 20:46, Daniel Pocock wrote:
> [Laptop] (charon bound on 4500) | 192.168.200.10:4500 ->
> VPN gateway IP:4500 | [OpenWRT] (charon bound on 4500) |
> WAN IP:4500 -> VPN gateway IP:4500 | [Some server] (charon bound on
> 4500)
If the NAT issue is still present, please check whether your [VPN
gateway] can accept packets coming from source ports other than
4500. NAT usually changes the source port to identify incoming
answer packets. So ESP encapsulated UDP packets coming from your
OpenWRT seem to come from 4500 (these are originated by the OpenWRT)
_and_ from some high ports (those are created by NAT). For IKE the
same behavior should be visible.
Perhaps this helps. Thanks for reading.
Have fun.
Johannes
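
The port behaviour described in this message, as an added example that is not part of the original mail: a small model of a port-preserving source NAT with two IKE daemons (router and laptop) both sending from 4500 to the same gateway. The addresses for the WAN side and the gateway, the remap range starting at 32768, and all function names are constructed assumptions.

```python
"""Constructed model: two charon instances behind one WAN address, both on 4500."""
from dataclasses import dataclass, field

WAN_IP = "203.0.113.1"              # constructed (documentation range)
GATEWAY = ("198.51.100.7", 4500)    # constructed VPN gateway address


@dataclass
class Napt:
    """Port-preserving source NAT: keep the source port if free, else remap."""
    wan_ip: str
    next_port: int = 32768                      # assumed start of the remap range
    table: dict = field(default_factory=dict)   # (wan_port, dst) -> inside source
    flows: dict = field(default_factory=dict)   # (src, dst) -> wan_port

    def translate(self, src, dst):
        """Return the (ip, port) the remote peer sees for a flow src -> dst."""
        if (src, dst) in self.flows:            # existing flow keeps its mapping
            return (self.wan_ip, self.flows[(src, dst)])
        port = src[1]
        while (port, dst) in self.table:        # collision: another flow owns it
            port = self.next_port
            self.next_port += 1
        self.table[(port, dst)] = src
        self.flows[(src, dst)] = port
        return (self.wan_ip, port)

    def reverse(self, wan_port, remote):
        """Map an answer packet from remote on wan_port back to the inside host."""
        return self.table.get((wan_port, remote))


def strict_gateway_accepts(peer):
    """A gateway-side filter that only allows UDP source port 4500."""
    return peer[1] == 4500


def simulate():
    nat = Napt(WAN_IP)
    router = (WAN_IP, 4500)             # charon on the OpenWRT box itself
    laptop = ("192.168.200.10", 4500)   # charon on the laptop behind it
    return nat, nat.translate(router, GATEWAY), nat.translate(laptop, GATEWAY)


if __name__ == "__main__":
    nat, seen_router, seen_laptop = simulate()
    for name, peer in (("router", seen_router), ("laptop", seen_laptop)):
        print(name, peer, "accepted" if strict_gateway_accepts(peer) else "dropped")
```

In this model the gateway sees the router's flow from port 4500 and the laptop's flow from a remapped high port, so a filter that only admits source port 4500 drops the laptop.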