Re: [Ipsec-tools-devel] Unable to set up IPSec (transport mode) + NAT-T
From: <mr...@mr...> - 2004-04-17 21:30:56
"Lionel Fourquaux" <lfo...@al...> writes:

> Hello,
>
> I'm trying to set up IPSec in transport mode, with this kind of network
> configuration:
>
> A (10.2.3.4) --- NAT+dynamic address (1.2.3.4) ------- B (5.6.7.8)
>
> A is a computer running WinXP, with IPSec correctly configured (afaik).
> B is running Linux 2.6.5, with ipsec-tools 0.3rc5, and the one I'm trying to
> configure.
>
> I'm using certificates for authentication.
>
> Here are the symptoms: the key exchange is successful, I can ping B from A,
> but TCP does not work. I can see encrypted SYN packets from A arriving on B's
> network card, but there is no answer. I have found no error message in B's
> log files.

I've had a similar problem with tunnel mode. If NAT is active, it
seems to mangle the port numbers for TCP packets even though it should
leave them alone. I never managed to figure it out, so if you get it
working, it would be nice if you could post the solution here.

-- 
Måns Rullgård
mr...@mr...