Ticket #8701 (closed defect: fixed)
Fragmented IP packages are corrupted when using NAT
| Reported by: | spooc | Owned by: | |
| Version: | VirtualBox 4.0.4 | Keywords: | nat fragmentation corruption ip |
I'm running Windows 7 with a Windows 7 virtual box. Inside the virtual box I'm trying to set up an IPSec session; however, since the session failed to connect, I was forced to do network debugging to find the problem. The IPSec uses UDP hole punching to connect through NAT. I started two Wireshark sessions, one in the host machine and one in the virtual box. After an hour or so I found the problem. The session died from a fragmentation timeout after 3 fragmented packages failed to be reassembled. In the attached image you can see the 6 packages (3 datagrams with 2 fragments each) coming in from the remote IPSec server to the left (the remote IP has been redacted as it's classified - the black box contains the same remote IP). To the right you can see Wireshark running in the virtual machine. I have aligned the logs so the packages match each other top-down. Interestingly enough, the NAT rewrote the IDs in the IP header for some reason.
Now the problem as you can see is that the remote IP is corrupted and becomes "10.0.2.2" in every fragment after the first - therefore the virtual machine cannot reassemble them since they are coming from different hosts. Please fix this.
I did not attach the VBox.log since it did not contain any relevant information from what I could see. I tried several times using different virtual network interfaces. The problem as I see it is that your NAT-translator corrupts the packages.
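The symptom reported above can be checked mechanically from the two captures. The following is an added example, not part of the original ticket or of VirtualBox: it groups IPv4 fragments by the RFC 791 reassembly key (source, destination, protocol, identification) and reports which datagrams can be completed. All addresses except 10.0.2.2, as well as the IDs and lengths, are constructed sample values, and 10.0.2.15 as the guest address is an assumption.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

IPV4 = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header, no options

def build_header(src, dst, ident, offset, more, payload_len, proto=17):
    """Constructed test data: IPv4 header only, checksum left at 0."""
    frag = (0x2000 if more else 0) | (offset // 8)   # MF flag + offset in 8-byte units
    return IPV4.pack(0x45, 0, 20 + payload_len, ident, frag, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)

def parse_header(raw):
    vihl, _, total, ident, frag, _, proto, _, src, dst = IPV4.unpack(raw[:20])
    return {"key": (str(IPv4Address(src)), str(IPv4Address(dst)), proto, ident),
            "offset": (frag & 0x1FFF) * 8, "mf": bool(frag & 0x2000),
            "length": total - (vihl & 0x0F) * 4}

def is_complete(frags):
    """True when fragments are contiguous from offset 0 and the last has MF=0.
    Overlapping or duplicated fragments are not handled in this sketch."""
    expected = 0
    for f in sorted(frags, key=lambda f: f["offset"]):
        if f["offset"] != expected:
            return False
        expected += f["length"]
        last_mf = f["mf"]
    return not last_mf

def reassembly_report(packets):
    """Map each reassembly key seen among the fragments to 'can be reassembled'."""
    groups = defaultdict(list)
    for raw in packets:
        h = parse_header(raw)
        if h["mf"] or h["offset"]:          # only fragments take part in reassembly
            groups[h["key"]].append(h)
    return {key: is_complete(frags) for key, frags in groups.items()}

# Constructed addresses: REMOTE and HOST are documentation ranges, GUEST is assumed.
REMOTE, HOST, GUEST, NAT_GW = "203.0.113.5", "192.0.2.10", "10.0.2.15", "10.0.2.2"
# Host side: both fragments of one UDP datagram carry the remote source address.
HOST_SIDE = [build_header(REMOTE, HOST, 0x1234, 0, True, 1480),
             build_header(REMOTE, HOST, 0x1234, 1480, False, 100)]
# Guest side as described in the ticket: ID rewritten, second fragment from 10.0.2.2.
GUEST_SIDE = [build_header(REMOTE, GUEST, 0x0042, 0, True, 1480),
              build_header(NAT_GW, GUEST, 0x0042, 1480, False, 100)]

if __name__ == "__main__":
    print("host :", reassembly_report(HOST_SIDE))
    print("guest:", reassembly_report(GUEST_SIDE))
```

On the guest side the two fragments land under different keys, so neither group ever completes and the receiver's reassembly timer expires, which matches the fragmentation timeout in the report.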