Debian Bug report logs - #324753
isakmpd tries to do NAT-T where it shouldn't

version graph

Package: isakmpd; Maintainer for isakmpd is Jochen Friedrich <jochen@scram.de>; Source for isakmpd is src:isakmpd (PTS, buildd, popcon).

Reported by: Ralf Horstmann <ralf.horstmann@gmx.de>

Date: Tue, 23 Aug 2005 19:48:08 UTC

Severity: normal

Found in version isakmpd/20041012-1

Fixed in versions isakmpd/20041012-2, isakmpd/20041012-3

Done: Jochen Friedrich <jochen@scram.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Jean-Francois Dive <jef@debian.org>:
Bug#324753; Package isakmpd. (full text, mbox, link).

Acknowledgement sent to Ralf Horstmann <ralf.horstmann@gmx.de>:
New Bug report received and forwarded. Copy sent to Jean-Francois Dive <jef@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ralf Horstmann <ralf.horstmann@gmx.de>
To: submit@bugs.debian.org
Subject: isakmpd tries to do NAT-T where it shouldn't
Date: Tue, 23 Aug 2005 21:35:51 +0200
Package: isakmpd
Version: 20041012-1

I tried to establish an ipsec tunnel from Linux to OpenBSD. Both
machines are in the same physical network, without any gateway
inbetween:
- Debian/unstable, kernel 2.6.12-1 with isakmpd-20041012-1
- OpenBSD 3.7 with isakmpd in passive mode

After some messages on port 500, the linux client switches to port 4500,
trying to negotiate NAT-T. Here are some log message from the linux box:

204040.533994 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
204040.534016 Exch 10 dpd_check_vendor_payload: DPD capable peer detected
204040.534238 Exch 10 exchange_run: unexpected payload VENDOR
204040.534259 Exch 10 exchange_run: unexpected payload VENDOR
204040.738062 Exch 10 nat_t_exchange_check_nat_d: NAT detected, we're behind it

There is a patch available which solved the problem for me:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/005_isakmpd.patch
The patch applies cleanly to the Debian package.

	Ralf

Reply sent to Jochen Friedrich <jochen@scram.de>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Ralf Horstmann <ralf.horstmann@gmx.de>:
Bug acknowledged by developer. (full text, mbox, link).

Message #10 received at 324753-close@bugs.debian.org (full text, mbox, reply):

From: Jochen Friedrich <jochen@scram.de>
To: 324753-close@bugs.debian.org
Subject: Bug#324753: fixed in isakmpd 20041012-2
Date: Wed, 09 Aug 2006 08:32:11 -0700
Source: isakmpd
Source-Version: 20041012-2

We believe that the bug you reported is fixed in the latest version of
isakmpd, which is due to be installed in the Debian FTP archive:

isakmpd_20041012-2.diff.gz
  to pool/main/i/isakmpd/isakmpd_20041012-2.diff.gz
isakmpd_20041012-2.dsc
  to pool/main/i/isakmpd/isakmpd_20041012-2.dsc
isakmpd_20041012-2_sparc.deb
  to pool/main/i/isakmpd/isakmpd_20041012-2_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 324753@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <jochen@scram.de> (supplier of updated isakmpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 21 Feb 2006 14:26:40 +0100
Source: isakmpd
Binary: isakmpd
Architecture: source sparc
Version: 20041012-2
Distribution: unstable
Urgency: low
Maintainer: Jochen Friedrich <jochen@scram.de>
Changed-By: Jochen Friedrich <jochen@scram.de>
Description: 
 isakmpd    - The Internet Key Exchange protocol openbsd implementation
Closes: 318241 320393 324753 325849 334624 346214 358800
Changes: 
 isakmpd (20041012-2) unstable; urgency=low
 .
   * New maintainer (Closes: #358800)
   * Replace SADB_X_SPDADD by SADB_X_SPDUPDATE (Closes: #346214)
   * Fix NAT-T (Closes: #324753)
   * Fix openssl incompatibility with version 0.9.8b (Closes: #334624)
   * Fix dependencies (Closes: #320393, #325849)
   * gcc compiler fixes (Closes: #318241)
   * Update standards version to 3.7.2
Files: 
 d67fc04e88753a55a79fb178d9d791ff 648 net optional isakmpd_20041012-2.dsc
 83a632bfc458a7a118d769ffeae43451 31014 net optional isakmpd_20041012-2.diff.gz
 d271a136686b470a2e1417e3d7d53b2f 608550 net optional isakmpd_20041012-2_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE2f4q0fhX0Y/ocz0RAgTRAJ44EMnPSYYHIGkta1WI6kkzXV1ldQCfdpAb
Zi+npRfJ8aEa/IIdG98nEJU=
=24yF
-----END PGP SIGNATURE-----

Marked as fixed in versions isakmpd/20041012-3. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 01 Nov 2013 01:21:53 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 29 Nov 2013 07:38:37 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Oct 11 00:24:46 2017; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.