Thanks for the replies.


You say there have been problems with NAT-T but these have been fixed.

I am on OpenBSD 5.2 current and have problems with NAT-T to Cisco, which I did 
not have when I was on OpenBSD 4.7.

The problem is, as seen in the debug output from isakmpd, that isakmpd detects 
that there is a NAT device in between (it even tells that ‘we are behind 
it’) and then proposes ‘ENCAPSULATION_MODE=TUNNEL’ instead of 
‘ENCAPSULATION_MODE=UDP_ENC_TUNNEL’ for phase two, which is (correctly?) 
rejected by the remote peer.





Regards

Christoph



From: Stuart Henderson [mailto:s...@spacehopper.org]
Sent: Saturday, 22 September 2012 16:52
To: Christoph Leser; misc@openbsd.org
Subject: Re: Router project on OpenBSD questions



Search the archives for the cisco nat-t problem, I sent a mail with more 
details and I think there was a patch with it. Pretty sure that would have 
affected older OpenBSD versions too though.

Christoph Leser <le...@sup-logistik.de> wrote:







On Feb 28, 2012, Stuart Henderson wrote:





List:       openbsd-misc
Subject:    Re: Router project on OpenBSD questions
From:       Stuart Henderson <stu () spacehopper ! org>
Date:       2012-02-28 13:57:45
Message-ID: slrnjkpnao.r14.stu () naiad ! spacehopper ! org














>IPsec is mostly compatible but there's a bit of breakage if the ipsec
>gateways are behind NAT (because Cisco still follows a very old nat-t draft
>rather than the standard).











I think I have read similar remarks about NAT-T and Cisco interoperability. But 
I have found no details about what the problem is with Cisco.

I completely failed when I tried to move from OBSD 4.6 to OBSD 5.2, because of 
NAT-T trouble with Cisco. I described my experience in a message to this list, 
'ISAMPD NAT trouble with openBSD 5.2'.

Any hints to information about interoperability issues with Cisco (and possible 
solutions) would be highly welcome.















Kind regards



Christoph Leser



S&P Computersysteme GmbH

Zettachring 4

70567 Stuttgart Fasanenhof



EMail: le...@sup-logistik.de

