[Users] Re: [Bugs] pluto nat report

From: mlafon_at_arkoon.net
Date: Sun Nov 03 2002 - 15:59:42 CET


Benzy Gabay wrote:

> I'm not sure if this bug has been reported already. (I've just joined the
> mailing list)
> I'm building a client for the freeswan.
> I'm using the super-freeswan kb8, which has the NAT-Traversal patch version
> 0.4.

> According to the latest NAT draft: draft-ietf-ipsec-nat-t-ike-03, the NAT-D
> packets should be built, among others, from the local and remote IP
> addresses.

> Those addresses should be converted with htonl() before being inserted into
> the NAT-D packet.

It's not the addresses that are inserted in the NAT-D packet. It's a hash
of cookies/address/port (address & port in network order).

> After building these packets I've noticed that the freeswan is responding as
> if those addresses are not known.

What do you mean? If you want to know exactly what freeswan received and what
freeswan expects, you can define NAT_D_DEBUG in nat_traversal.c.

> After a few retries I've come to know that the freeswan is expecting the first
> NAT-D packet, to use the IP address without doing htonl().

I don't use htonl because addresses are already in network order in the
ip_address struct.

--
Mathieu Lafon - Arkoon Network Security
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
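
The point made in the reply above, as an added example that is not part of the original message and is not pluto's code: the NAT-D payload is HASH(CKY-I | CKY-R | IP | Port) with address and port in network order, so a sender that byte-swaps an address already in network order produces a hash the peer cannot match. The function names, the cookies, the addresses and the choice of SHA-1 as the negotiated hash are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample values (not taken from any real exchange).
CKY_I = bytes.fromhex("0011223344556677")   # initiator cookie, 8 bytes
CKY_R = bytes.fromhex("8899aabbccddeeff")   # responder cookie, 8 bytes


def _natd(cky_i: bytes, cky_r: bytes, addr: bytes, port: int, algo: str) -> bytes:
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    if len(addr) != 4:
        raise ValueError("this sketch handles IPv4 only")
    # "!H" packs the port as 2 bytes in network (big-endian) order.
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()


def natd_hash(cky_i, cky_r, ip: str, port: int, algo: str = "sha1") -> bytes:
    """Correct NAT-D value: inet_aton() already returns network-order bytes."""
    return _natd(cky_i, cky_r, socket.inet_aton(ip), port, algo)


def natd_hash_double_swapped(cky_i, cky_r, ip: str, port: int,
                             algo: str = "sha1") -> bytes:
    """Buggy sender: swaps an address that is already in network order,
    which is what an extra htonl() does on a little-endian host."""
    return _natd(cky_i, cky_r, socket.inet_aton(ip)[::-1], port, algo)


def natd_matches(received: bytes, cky_i, cky_r, ip: str, port: int,
                 algo: str = "sha1") -> bool:
    """Receiver check: a mismatch is read as an address or port rewritten in
    transit (or as a peer that built the hash input differently)."""
    expected = natd_hash(cky_i, cky_r, ip, port, algo)
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    ip, port = "192.0.2.10", 500             # documentation address, IKE port
    good = natd_hash(CKY_I, CKY_R, ip, port)
    bad = natd_hash_double_swapped(CKY_I, CKY_R, ip, port)
    print("correct sender matches:", natd_matches(good, CKY_I, CKY_R, ip, port))
    print("double-swapped matches:", natd_matches(bad, CKY_I, CKY_R, ip, port))
```

An address whose four bytes read the same in both directions (for example 10.1.1.10) hashes identically either way, so a double-swap bug can go unnoticed in a lab that happens to use such addresses.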


This archive was generated by hypermail 2.1.5 : Mon Nov 04 2002 - 05:20:35 CET