Date: Wed, 25 Jan 2012 21:46:31 +0100
From: Christer Hermansson <mail@chdevelopment.se>
To: freebsd-net@freebsd.org
Subject: Problem with nat traversal
Message-ID: <4F206A27.60006@chdevelopment.se>

I have a problem with NAT traversal. The server is directly connected to the Internet; the client is behind a gateway that uses NAT.

The problem is that the server tries to respond to the client's internal private address 192.168.1.10 (and the ISP sends icmp messages back to the server, telling it blocks 192.168 addresses).

(I don't have access to the real output from tcpdump right now...)

tcpdump on the server shows something like this:

    client-ext-ip > srv-ext-ip UDP 500
    srv-ext-ip UDP 500 > client-ext-ip
    client-ext-ip > srv-ext-ip UDP 500
    srv-ext-ip UDP 500 > client-ext-ip
    client-ext-ip > srv-ext-ip UDP 4500
    srv-ext-ip 4500 > client-INT-ip UDP
    icmp from isp-router telling client-INT-ip is filtered
    client-ext-ip > srv-ext-ip UDP 4500
    srv-ext-ip 4500 > client-INT-ip UDP
    icmp from isp-router telling client-INT-ip is filtered
    client-ext-ip > srv-ext-ip UDP 4500
    srv-ext-ip 4500 > client-INT-ip UDP
    icmp from isp-router telling client-INT-ip is filtered

windump on the client with win7 shows something like this:

    client-ext-ip > srv-ext-ip UDP 500
    srv-ext-ip UDP 500 > client-ext-ip
    client-ext-ip > srv-ext-ip UDP 500
    srv-ext-ip UDP 500 > client-ext-ip
    client-ext-ip > srv-ext-ip UDP 4500
    client-ext-ip > srv-ext-ip UDP 4500
    client-ext-ip > srv-ext-ip UDP 4500

I get the same problem with:

    FreeBSD 8.1R i386 + ipsec-tools 0.8.0
    FreeBSD 8.2R amd64 + ipsec-tools 0.7.3
    FreeBSD 8.2R amd64 + ipsec-tools 0.8.0

I have compiled the kernel with

    options IPSEC
    options IPSEC_DEBUG
    options IPSEC_FILTERTUNNEL
    options IPSEC_NAT_T
    device crypto
    device enc

and I have "nat_traversal on" in racoon.conf.

Why is the server trying to send packets to the client's internal address?
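
The symptom described in this message can be checked mechanically on a server-side capture. The following is an added example, not part of the original post: it scans `tcpdump -n` text output for packets the server sends from UDP 500/4500 to an RFC 1918 destination. The function name, the sample capture lines and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# Address/port pair as printed by `tcpdump -n`: "IP a.b.c.d.sport > e.f.g.h.dport:"
LINE_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
IKE_PORTS = {500, 4500}  # IKE and NAT-T
# Explicit RFC 1918 list; ipaddress.is_private also covers other reserved ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def misdirected_replies(lines, server_ip):
    """Return (line_no, dst_ip, src_port) for every packet sent by server_ip
    from an IKE/NAT-T port to a private (RFC 1918) destination."""
    server = ipaddress.ip_address(server_ip)
    hits = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # ICMP and other lines have no port pair
        src, sport, dst, _dport = m.groups()
        dst_ip = ipaddress.ip_address(dst)
        if (ipaddress.ip_address(src) == server
                and int(sport) in IKE_PORTS
                and any(dst_ip in net for net in RFC1918)):
            hits.append((no, str(dst_ip), int(sport)))
    return hits

# Constructed capture: 198.51.100.7 = server, 203.0.113.20 = client's NAT address.
SAMPLE = """\
21:46:01.000001 IP 203.0.113.20.500 > 198.51.100.7.500: isakmp: phase 1 I ident
21:46:01.000002 IP 198.51.100.7.500 > 203.0.113.20.500: isakmp: phase 1 R ident
21:46:02.000001 IP 203.0.113.20.4500 > 198.51.100.7.4500: NONESP-encap: isakmp: phase 1 I ident[E]
21:46:02.000002 IP 198.51.100.7.4500 > 192.168.1.10.4500: NONESP-encap: isakmp: phase 1 R ident[E]
21:46:02.000003 IP 203.0.113.1 > 198.51.100.7: ICMP host 192.168.1.10 unreachable - admin prohibited filter, length 36
""".splitlines()

if __name__ == "__main__":
    for no, dst, sport in misdirected_replies(SAMPLE, "198.51.100.7"):
        print(f"line {no}: reply from UDP {sport} sent to private address {dst}")
```
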