kern/41304: ipnat and ipsec don't play togheter

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/41304: ipnat and ipsec don't play togheter
From: mihai.chelaru%ngnetworks.ro@localhost
Date: Wed, 29 Apr 2009 15:50:00 +0000 (UTC)

>Number:         41304
>Category:       kern
>Synopsis:       ipsec + ipnat don't work in some cases
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 29 15:50:00 +0000 2009
>Originator:     Mihai Chelaru
>Release:        NetBSD 5.0
>Organization:
        
>Environment:
        
        
OS: NetBSD 5.0
Architecture: i386
Machine: i386
>Description:
        

        Using a gateway with the following setup:
                2 NICs - one for inside, one for outside
                NAT from inside to outside
                IPSec tunnel mode between outside address and another network 
(NET_A)

        See the following behaviour:
                packets sent from local gateway to NET_A work as expected
                packets sent from inside network are reaching NET_A as expected
                packets sent from NET_A are reaching gateway but gateway is not 
willing to do NAT and forward them to the inside network

        a TCP handshaking on gateway outside interface looks like this:

                1. SYN sent
                2. SYN/ACK received
                3. RST sent


>How-To-Repeat:
        
>Fix:
        

>Unformatted:

Prev by Date: Re: bin/41302: cron dies at startup
Next by Date: Re: kern/39726
Previous by Thread: Re: bin/41276 (ftp-proxy(8) man page screws up rdr syntax)
Next by Thread: Re: kern/39726
Indexes:

Home | Main Index | Thread Index | Old Index