https://bugzilla.novell.com/show_bug.cgi?id=719464

           Summary: Racoon (ipsec-tools) sees packets from natted endpoints
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Final
          Platform: x86-64
        OS/Version: SuSE Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Kernel
        AssignedTo: kernel-maintainers@forge.provo.novell.com
        ReportedBy: diego.ercolani@gmail.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

Created an attachment (id=452197)
 --> (http://bugzilla.novell.com/attachment.cgi?id=452197)
configuration diagram of my case

I have a configuration where an openSUSE 11.4 gateway has to be the endpoint of a VPN, but behind it I have another IPsec VPN endpoint that is working in a NATted manner.

The Racoon daemon on the Linux frontend sees packets that are obviously destined for the address of the "public" interface but have to be NATted to the internal endpoint. Logs reveal that racoon sees these packets and wants to manage them. There should be a problem at the TCP/IP stack level where racoon is located.

Here are the log entries that give the evidence (172.30.0.121 is the public interface DMZ address):

Sep 21 14:16:58 ale2011 racoon: DEBUG: 200 bytes message received from 149.134.156.109[4500] to 172.30.0.121[4500]
Sep 21 14:16:58 ale2011 racoon: DEBUG: #0123b7fc85c daf99c8e 00000000 00000000 01100200 00000000 000000c8 0d000038#01200000001 00000001 0000002c 01010001 00000024 01010000 80010007 80020002#01280040005 80030003 800e0100 800b0001 800c7080 0d000020 7d0f970a 13d772eb#01247f076f2 d64dbe88 2dad7666 00000004 0000061e 0d000014 90cb8091 3ebb696e#012086381b5 ec427b1f 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc 0d000014#012afcad713 68a1f1c9 6b8696fc 77570100 00000018 48656172 74426561 745f4e6f#01274696679 386b0100
Sep 21 14:16:58 ale2011 racoon: DEBUG: no remote configuration found.
Sep 21 14:16:58 ale2011 racoon: ERROR: couldn't find configuration.
Sep 21 14:17:00 ale2011 racoon: DEBUG: ===

The last note is that despite these "warnings" the internal VPN endpoint seems to receive all packets and works as expected.

Reproducible: Always
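
For triage, the fixed ISAKMP header at the start of the hex dump in the log above can be decoded to see what kind of packet racoon was handed. This is an added example, not part of the original report or of ipsec-tools; the function names are hypothetical, and the input is the first line of the dump copied from the log with its "#012" syslog newline escape.

```python
import re
import struct

# First line of the dump from the report's log entry, copied as logged;
# "#012" is syslog's escape for a newline inside the message.
LOG_DUMP = ("#0123b7fc85c daf99c8e 00000000 00000000 "
            "01100200 00000000 000000c8 0d000038")

# RFC 2408 exchange and payload type numbers (subset).
EXCHANGES = {1: "Base", 2: "Identity Protection (Main Mode)",
             3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
PAYLOADS = {0: "None", 1: "SA", 4: "KE", 5: "ID", 8: "HASH",
            10: "NONCE", 11: "Notification", 12: "Delete", 13: "Vendor ID"}


def dump_to_bytes(dump):
    """Strip syslog '#012' escapes and whitespace, return the raw bytes."""
    return bytes.fromhex(re.sub(r"\s+", "", dump.replace("#012", "")))


def parse_isakmp_header(data):
    """Decode the fixed 28-byte ISAKMP (IKEv1) header."""
    if len(data) < 28:
        raise ValueError("need 28 bytes for an ISAKMP header, got %d" % len(data))
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": PAYLOADS.get(nxt, "type %d" % nxt),
        "version": "%d.%d" % (ver >> 4, ver & 0x0F),
        "exchange": EXCHANGES.get(xchg, "type %d" % xchg),
        "encrypted": bool(flags & 0x01),
        "message_id": msgid,
        "length": length,
        # Zero responder cookie: first packet of a new phase 1 negotiation,
        # so no SA exists yet on any responder.
        "first_packet": rcookie == b"\x00" * 8,
    }


if __name__ == "__main__":
    for key, value in parse_isakmp_header(dump_to_bytes(LOG_DUMP)).items():
        print("%-17s %s" % (key, value))
```

The decoded length of 200 agrees with the "200 bytes message received" line, and the header shows an unencrypted IKEv1 Main Mode packet with a zero responder cookie, that is, the remote peer opening a new phase 1 negotiation on UDP port 4500.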