Bug#308150: marked as done (racoon: chokes on ISAKMP_NPTYPE_NATOA_DRAFT payload)

Mon, 01 Mar 2010 02:37:46 -0800 

Your message dated Mon, 01 Mar 2010 11:32:05 +0100
with message-id <[email protected]>
and subject line Re: racoon: chokes on ISAKMP_NPTYPE_NATOA_DRAFT payload
has caused the Debian Bug report #308150,
regarding racoon: chokes on ISAKMP_NPTYPE_NATOA_DRAFT payload
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
308150: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308150
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: racoon
Version: 1:0.5.1-1

I use racoon in a mixed environment with both Linux and Windows XP/2000
clients.  It seems that, when the Windows clients are using NAT-T, they
send a "NAT Original Address" payload, which racoon doesn't understand.
It prints "ignore the packet, received unexpecting [sic] payload type
131." messages and, true to its word, ignores the packets, which
obviously means that negotiation fails.

This trivial patch causes racoon to silently ignore the NATOA_DRAFT
payloads, which is sufficient to make things work for me.

Thanks

p.


--- clean/ipsec-tools-0.5.1/src/racoon/isakmp_quick.c	2005-03-02 20:00:43.000000000 +0000
+++ ipsec-tools-0.5.1/src/racoon/isakmp_quick.c	2005-05-08 10:58:21.000000000 +0100
@@ -980,6 +980,9 @@
 			isakmp_check_notify(pa->ptr, iph2->ph1);
 			break;
 
+		case ISAKMP_NPTYPE_NATOA_DRAFT:
+			break;
+
 		default:
 			plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
 				"ignore the packet, "

--- End Message ---
--- Begin Message --- 
This is already fixed since several years directly by upstream and
already included in the stable release in debian.

#ifdef ENABLE_NATT
                case ISAKMP_NPTYPE_NATOA_DRAFT:
                case ISAKMP_NPTYPE_NATOA_RFC:
                        /* Ignore original source/destination
messages */
                        break;
#endif

thanks

stefan
-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------

--- End Message ---

Reply via email to