[ previous ] [ next ] [ threads ]
 
 From:  "Marek Läll" <marek dot lall at neti dot ee>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  1.3b3; NAT-T IP fragments not passed
 Date:  Wed, 1 Aug 2007 22:46:00 +0300 
Hi,


Should this problem be fixed in 1.3b3 that fragmented udp packets will not 
be dropped if the following vpn option is used:
"VPN: IPsec: Edit tunnel" --> "Enable NAT Traversal (NAT-T)"

If no the forget this posting
if yes then it seems it still does not work for me.

syslog reports about dropped packets and vpn hangs there:
Aug  1 22:10:39 gw ipmon[91]: 22:10:38.719266 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (756) (frag 35648:736@744+) IN
Aug  1 22:10:39 gw ipmon[91]: 22:10:38.719924 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (80) (frag 35648:60@1480) IN bad
Aug  1 22:10:40 gw ipmon[91]: 22:10:39.820832 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (756) (frag 35652:736@744+) IN
Aug  1 22:10:40 gw ipmon[91]: 22:10:39.821258 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (80) (frag 35652:60@1480) IN bad
Aug  1 22:10:42 gw ipmon[91]: 22:10:42.023337 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (756) (frag 35656:736@744+) IN
Aug  1 22:10:42 gw ipmon[91]: 22:10:42.023362 ng0 @0:21 b x.x.30.170 -> 
x.x.151.153 PR udp len 20 (80) (frag 35656:60@1480) IN bad


Regards,
Marek