id,summary,reporter,owner,description,type,status,component,version,resolution,keywords,cc,guest,host
6667,UDP Sourceport change breaks natted IPSEC-Connections,vondralbra,,"After upgrading to VBox 3.1.8, a lot of disconnects of a previously working IPSEC(nat)-Tunnel are seen. Especially when the IPSEC connection gets a bit of a load, the connection gets stuck and times out after a while.[[BR]]

When the traffic on the router is monitored, a source port change can be seen.[[BR]]
The IPSEC on the gateway machine tries in vain to send packets to the old port and eventually times out.
[[BR]]
07:02:09.521426 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74c), length 388[[BR]]

07:02:09.522515 IP 91.XXX.XXX.XXX.54800 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x76f), length 244[[BR]]

07:02:09.605433 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74d), length 340[[BR]]

07:02:09.606553 IP 91.XXX.XXX.XXX.54800 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x770), length 356[[BR]]

07:02:09.693363 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74e), length 196[[BR]]

The connection is fine up to the point where the router suddenly sends packets using the source port 45102 instead of the old 54800, which worked:[[BR]]

07:02:09.693864 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 232[[BR]]

07:02:09.931251 IP 91.XXX.XXX.XXX.45102 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x772), length 356[[BR]]

07:02:10.018333 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74f), length 116[[BR]]

07:02:10.018649 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 152[[BR]]

07:02:10.029414 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x750), length 196[[BR]]

07:02:10.029914 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 23[[BR]]
",defect,closed,network/NAT,VirtualBox 3.1.8,invalid,UDP IPSEC via NAT,,Linux,Linux
