Comments on: IPSEC VPN problems upgrading to Ubuntu Edgy http://johnleach.co.uk/words/archives/2006/11/02/243/ipsec-vpn-problems-upgrading-to-ubuntu-edgy Stuff I think, see and do Sat, 24 Jul 2010 21:50:24 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Santhish http://johnleach.co.uk/words/archives/2006/11/02/243/ipsec-vpn-problems-upgrading-to-ubuntu-edgy/comment-page-1#comment-27833 Santhish Wed, 20 Feb 2008 15:03:09 +0000 http://johnleach.co.uk/words/archives/2006/11/02/243/#comment-27833 Hi, This is regarding the DNAT'ing bug you've been talking about. I came across a similar issue when IPSec and DNAT being used on the same peer. This applies only to kernel version below 2.6.16 and works well for kernel 2.6.18. Observation:For example if I try to use Transparent Proxy using some DNAT..I find a new ESP packet originated from the translated IP(DNAT) towards the far end IPsec peer(Unintended behavior). This results in integrity check failure thus failed Transparent Proxy behavior. Any comments,suggestions and workarounds are welcome. Thanks, Santhish. Hi,

This is regarding the DNAT’ing bug you’ve been talking about.

I came across a similar issue when IPSec and DNAT being used on the same peer. This applies only to kernel version below 2.6.16 and works well for kernel 2.6.18.

Observation:For example if I try to use Transparent Proxy using some DNAT..I find a new ESP packet originated from the translated IP(DNAT) towards the far end IPsec peer(Unintended behavior).

This results in integrity check failure thus failed Transparent Proxy behavior.

Any comments,suggestions and workarounds are welcome.

Thanks,
Santhish.

]]>