[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: Re: [Openswan Users] Connection Stuck on STATE_MAIN_I3
From: Paul Wouters <paul () xelerance ! com>
Date: 2006-01-31 15:12:44
Message-ID: Pine.LNX.4.63.0601311610030.11441 () tla ! xelerance ! com
[Download RAW message or body]
On Mon, 30 Jan 2006, Carlos Prieto wrote:
> So, it seems the Main Initiator Phase 3 from the client, does not reach the
> VPN gateway, the Client says it sent it, but the Gateway claims it'is
> missing.
>
> NATed IPsec
> Client Gateway
>
> MI1 ---------->
> <---------- MR1
> MI2 ---------->
> <---------- MR2
> MI3 ----------> ( LOST ! )
> <---------- MR3 ( NEVER COMES ! )
>
> However, if i move this client, to a non-NATed connection, the
> connection success.
this might be an mtu issue. As a workaround try adding fragicmp=yes on
both ends? This should be fixed in 2.4.5 (released soon)
Paul
_______________________________________________
Users mailing list
Users@openswan.org
http://lists.openswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic