"bad udp cksum" messages from client ipsec connection

Thu, 23 Nov 2006 19:24:00 -0800 

We have someone connecting from an FC4 host running Openswan 2.4.4
behind a firewall to our VPN server running OpenBSD 4.0. They are able
to establish a connection ok but tcpdump shows a bad cksum value for
pings from the client connection:
  # tcpdump -avs 1440 -e -ttt -i fxp4 host 60.44.70.140 and port ipsec-nat-t
  Nov 23 20:51:48.326651 0:a0:c8:9:79:cb 0:7:e9:5d:62:f8 ip 60: 
p5140-ipad207kobeminato.hyogo.ocn.ne.jp.10019 > 
ip67-95-107-117.z107-95-67.customer.algx.net.ipsec-nat-t: [udp sum ok] NAT-T 
Keepalive (DF) (ttl 39, id 0, len 29)
  Nov 23 20:52:02.680356 0:a0:c8:9:79:cb 0:7:e9:5d:62:f8 ip 174: 
p5140-ipad207kobeminato.hyogo.ocn.ne.jp.10019 > 
ip67-95-107-117.z107-95-67.customer.algx.net.ipsec-nat-t: [bad udp cksum e73a!] 
udpencap: esp p5140-ipad207kobeminato.hyogo.ocn.ne.jp > 
ip67-95-107-117.z107-95-67.customer.algx.net spi 0x6AF734AB seq 1 len 132 (DF) 
(ttl 39, id 256, len 160)
  Nov 23 20:52:03.689467 0:a0:c8:9:79:cb 0:7:e9:5d:62:f8 ip 174: 
p5140-ipad207kobeminato.hyogo.ocn.ne.jp.10019 > 
ip67-95-107-117.z107-95-67.customer.algx.net.ipsec-nat-t: [bad udp cksum 62fa!] 
udpencap: esp p5140-ipad207kobeminato.hyogo.ocn.ne.jp > 
ip67-95-107-117.z107-95-67.customer.algx.net spi 0x6AF734AB seq 2 len 132 (DF) 
(ttl 39, id 30211, len 160)
  Nov 23 20:52:04.714478 0:a0:c8:9:79:cb 0:7:e9:5d:62:f8 ip 174: 
p5140-ipad207kobeminato.hyogo.ocn.ne.jp.10019 > 
ip67-95-107-117.z107-95-67.customer.algx.net.ipsec-nat-t: [bad udp cksum faae!] 
udpencap: esp p5140-ipad207kobeminato.hyogo.ocn.ne.jp > 
ip67-95-107-117.z107-95-67.customer.algx.net spi 0x6AF734AB seq 3 len 132 (DF) 
(ttl 39, id 256, len 160)
  Nov 23 20:52:05.714428 0:a0:c8:9:79:cb 0:7:e9:5d:62:f8 ip 174: 
p5140-ipad207kobeminato.hyogo.ocn.ne.jp.10019 > 
ip67-95-107-117.z107-95-67.customer.algx.net.ipsec-nat-t: [bad udp cksum 7874!] 
udpencap: esp p5140-ipad207kobeminato.hyogo.ocn.ne.jp > 
ip67-95-107-117.z107-95-67.customer.algx.net spi 0x6AF734AB seq 4 len 132 (DF) 
(ttl 39, id 256, len 160)
  ...

I've tested both an FC4 and FC5 client behind an OpenBSD 4.0 firewall
connecting to the same OpenBSD 4.0 VPN server and I don't have any
problems.

Anyone with ideas on why this is happening? The client is behind a
Panasonic DN-C200NC firewall (VOIP/NAT/...).

-- 
albert chin ([EMAIL PROTECTED])

Reply via email to