id	summary	reporter	owner	description	type	status	component	version	resolution	keywords	cc	guest	host
6667	UDP source port change breaks natted IPSEC-Connections	vondralbra		"After upgrading to VBox 3.1.8, a lot of disconnects of a previously working IPSEC(nat)-Tunnel are seen. Especially when the IPSEC connection gets a bit of load, the connection gets stuck and times out after a while.[[BR]]

When the traffic on the router is monitored, a source port change can be seen.[[BR]]
The IPSEC on the gateway machine tries in vain to send packets to the old port and eventually times out.
[[BR]]
07:02:09.521426 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74c), length 388[[BR]]

07:02:09.522515 IP 91.XXX.XXX.XXX.54800 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x76f), length 244[[BR]]

07:02:09.605433 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74d), length 340[[BR]]

07:02:09.606553 IP 91.XXX.XXX.XXX.54800 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x770), length 356[[BR]]

07:02:09.693363 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74e), length 196[[BR]]

The connection is fine up to the point where the router suddenly sends packets using the source port 45102 instead of the old 54800, which worked:[[BR]]

07:02:09.693864 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 232[[BR]]

07:02:09.931251 IP 91.XXX.XXX.XXX.45102 > 217.XXX.XXX.XXX.4500:
UDP-encap: ESP(spi=0xcd0add00,seq=0x772), length 356[[BR]]

07:02:10.018333 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x74f), length 116[[BR]]

07:02:10.018649 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 152[[BR]]

07:02:10.029414 IP 217.XXX.XXX.XXX.4500 > 91.XXX.XXX.XXX.54800:
UDP-encap: ESP(spi=0xcefe8399,seq=0x750), length 196[[BR]]

07:02:10.029914 IP 91.XXX.XXX.XXX > 217.XXX.XXX.XXX: ICMP 91.XXX.XXX.XXX
udp port 54800 unreachable, length 23[[BR]]
"	defect	closed	network/NAT	VirtualBox 3.1.8	invalid	UDP IPSEC via NAT		Linux	Linux
