Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,gergely%egervary.hu@localhost
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
From: Egerváry Gergely <gergely%egervary.hu@localhost>
Date: Fri, 13 Jun 2014 14:45:00 +0000 (UTC)

The following reply was made to PR bin/47894; it has been noted by GNATS.

From: =?UTF-8?B?RWdlcnbDoXJ5IEdlcmdlbHk=?= <gergely%egervary.hu@localhost>
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, 
 netbsd-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Fri, 13 Jun 2014 16:44:32 +0200

 Hi Hiroki,
 
 Thank you for your help. Without your sadb_msg patch I get these
 messages from racoon on the server (public IP) side:
 
 racoon: INFO: IPsec-SA established: ESP/Transport
 193.225.174.14[500]->193.225.174.1[500] spi=142774671(0x882918f)
 racoon: INFO: IPsec-SA established: ESP/Transport
 193.225.174.14[500]->193.225.174.1[500] spi=156259458(0x9505482)
 
 ... and these from racoon on the client (behind NAT) side:
 
 racoon: INFO: IPsec-SA established: ESP/Transport
 10.0.0.20[500]->193.225.174.14[500] spi=60514983(0x39b62a7)
 racoon: INFO: IPsec-SA established: ESP/Transport
 10.0.0.20[500]->193.225.174.14[500] spi=188879077(0xb4210e5)
 
 with your patch, on the server side:
 
 racoon: INFO: IPsec-SA established: ESP/Transport
 193.225.174.14[4500]->193.225.174.1[21230] spi=214723282(0xccc6ad2)
 racoon: INFO: IPsec-SA established: ESP/Transport
 193.225.174.14[4500]->193.225.174.1[21230] spi=17298023(0x107f267)
 
 and on the client side:
 
 racoon: INFO: IPsec-SA established: ESP/Transport
 10.0.0.20[4500]->193.225.174.14[4500] spi=17298023(0x107f267)
 racoon: INFO: IPsec-SA established: ESP/Transport
 10.0.0.20[4500]->193.225.174.14[4500] spi=214723282(0xccc6ad2)
 
 looks a bit better. setkey -D on the server side:
 
 193.225.174.14[4500] 193.225.174.1[21230]
         esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)
 ...
 193.225.174.1[21230] 193.225.174.14[4500]
         esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)
 
 and on the client side:
 10.0.0.20[4500] 193.225.174.14[4500]
         esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)
 193.225.174.14[4500] 10.0.0.20[4500]
         esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)
 
 IP reference:
   Client internal (NAT) address: 10.0.0.20
   NAT box external address: 193.225.174.1
   Server external address: 193.115.174.14
 
 btw, I do not see endianness issues here.
 
 -- 
 EgervÃ¡ry Gergely
 <gergely%egervary.hu@localhost>

Follow-Ups:
- Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
  - From: SUENAGA Hiroki

Prev by Date: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Next by Thread: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Indexes:

Home | Main Index | Thread Index | Old Index