From: Richard K. <kr...@cf...> - 2013-11-24 07:55:24
Dear Devs,
I've upgraded my ipsec-tools installation from 0.8.0 to 0.8.1, and found
that when racoon is the initiator, it sends packets from port 4500 instead
of 500 as in the previous version. I've not done further investigation,
but this leads to the connection not establishing.
This is the change between the two versions in src/racoon/isakmp.c:
diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
index 048ca71..2672f7a 100644
--- a/src/racoon/isakmp.c
+++ b/src/racoon/isakmp.c
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.71 2011/03/15 13:20:14 vanhu Exp $ */
+/* $NetBSD: isakmp.c,v 1.71.2.2 2012/08/29 08:55:26 tteras Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -2186,7 +2186,7 @@ isakmp_post_acquire(iph2, iph1hint, nopassive)
"because of passive mode, "
"ignore the acquire message for %s.\n",
saddrwop2str(iph2->dst));
- return 0;
+ return -1;
}
/*
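Review bot: the passive-mode branch of isakmp_post_acquire now returns -1 where it returned 0, so an acquire that is deliberately ignored is reported to the caller the same way as a failure. The visible lines do not show how callers act on the return value; the function comment should state what -1 means on this path, and each caller should be checked to confirm it handles the new value as intended.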
@@ -2943,7 +2943,7 @@ copy_ph1addresses(iph1, rmconf, remote, local)
port = myaddr_getsport(iph1->local);
if (port == 0)
port = PORT_ISAKMP;
- set_port(iph1->local, PORT_ISAKMP);
+ set_port(iph1->local, port);
}
#ifdef ENABLE_NATT
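Review bot: in copy_ph1addresses, `set_port(iph1->local, port)` now keeps whatever myaddr_getsport(iph1->local) returns and falls back to PORT_ISAKMP only when that is 0, so the local source port is no longer guaranteed to be PORT_ISAKMP. If myaddr_getsport can return a different listening port for the same address, an initiator starts phase 1 from that port, which is consistent with the behaviour reported in this message (4500 instead of 500). Suggest a comment stating which port myaddr_getsport is expected to return here, and a check that the initial exchange still uses PORT_ISAKMP when no port has been explicitly selected.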
The second hunk makes racoon choose the port 4500 instead of 500. But I
simply don't understand the code deeply, and effectively the diff seems to
fix something, so in my opinion it is to be fixed some other way.
Thanks in advance,
Kojedzinszky Richard