[Swan] android nat vs no-nat
Bob Miller
bob at computerisms.ca
Fri Oct 10 21:35:16 EEST 2014
Merr....
I noticed that the version of libreswan was 3.8, so I figured "hey, I
should update that to 3.10". Now nobody can connect, getting
'unsuitable connection for peer'. I didn't find a file warning me of
any problems, so I shut down the service, make install'd over top of the
old one, and started it up again. Going through the change file, I
don't see anything indicating I need to change my config file. Is there
some trap I overlooked?
--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
On Fri, 2014-10-10 at 12:31 -0400, Paul Wouters wrote:
> On Fri, 10 Oct 2014, Bob Miller wrote:
>
> > One thing I find that seems interesting; when the android connects
> > through my LAN, it uses ports 500 and 1245, whereas when it connects
> > through LTE, it uses random high number ports, like 59371 instead of
> > 500, which the server responds to, and 48848 instead of 4500, which the
> > server does not respond to. Not sure if this indicates a problem yet,
> > but not sure why it is different, it seems like it shouldn't be...
>
> Your libreswan server must allow any port to udp port 500 and any port
> to udp port 4500. The NAT is causing the android's udp (4)500 packets
> to appear from random high ports.
>
> Paul
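
An added example, not part of the original thread: a small audit of `iptables-save` output that reports whether UDP 500 and 4500 are accepted from any source port, as the reply above requires for clients behind NAT. It assumes the server uses an iptables host firewall; the ruleset is constructed for illustration, and the check ignores `!` negation and rule ordering.

```python
import shlex

IKE_PORTS = (500, 4500)  # UDP: IKE and IKE/ESP over NAT-T
SPORT_OPTS = {"--sport", "--source-port", "--sports", "--source-ports"}
DPORT_OPTS = {"--dport", "--destination-port", "--dports", "--destination-ports"}

# Constructed iptables-save excerpt (not taken from the thread).
SAMPLE_RULES = """\
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

def covers(spec, port):
    """True if a port spec ('500', '500,4500', '1024:65535') includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def parse_rule(line):
    """Return (proto, sport_spec, dport_spec, target) for one -A rule line."""
    tok = shlex.split(line)
    def val(names):
        return next((tok[i + 1] for i, t in enumerate(tok[:-1]) if t in names), None)
    return val({"-p", "--protocol"}), val(SPORT_OPTS), val(DPORT_OPTS), val({"-j", "--jump"})

def audit(ruleset):
    """Return (ports accepted from any source port, rules that pin the source port)."""
    open_ports, pinned = set(), []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        proto, sport, dport, target = parse_rule(line)
        if proto != "udp" or target != "ACCEPT" or dport is None:
            continue
        hit = [p for p in IKE_PORTS if covers(dport, p)]
        if hit and sport is None:
            open_ports.update(hit)
        elif hit:
            pinned.append(line)  # works on a LAN, drops NAT-remapped clients
    return open_ports, pinned

if __name__ == "__main__":
    open_ports, pinned = audit(SAMPLE_RULES)
    for port in IKE_PORTS:
        print(f"udp/{port}:", "any source port" if port in open_ports else "source port restricted")
    for rule in pinned:
        print("source port pinned:", rule)
```

With the constructed ruleset, port 500 is reported as open to any source port while the 4500 rule is flagged, which is the pattern where IKE on 500 gets a reply and NAT-T traffic on 4500 does not.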