NAT-D payload #1 doesn't match? (but is working OK…?)



  • I've configured pfSense v2.0 with IPsec and am connecting with my iPhone 5 (iOS 6.0) and it connects fine and appears to be working, but I'm examining the racoon logs and I see the following message:

    (top message is most recent, log is in reversed order)

    racoon: INFO: Adding remote and local NAT-D payloads.
    racoon: [Self]: [173.163.150.33] INFO: Hashing 173.163.150.33[500] with algo #2
    racoon: [166.137.96.222] INFO: Hashing 166.137.96.222[61941] with algo #2
    racoon: INFO: NAT detected: PEER
    racoon: INFO: NAT-D payload #1 doesn't match
    racoon: [166.137.96.222] INFO: Hashing 166.137.96.222[61941] with algo #2
    racoon: INFO: NAT-D payload #0 verified
    racoon: [Self]: [173.163.150.33] INFO: Hashing 173.163.150.33[500] with algo #2
    

    Everything seems to be working fine with the VPN, but I saw the "NAT-D payload #1 doesn't match" message and I started investigating.

    It looks like this is normal and these NAT-D payloads are used to test for the presence of NAT, but I thought I'd post here and double-check that nothing is wrong with my configuration.

    Thanks,
    John
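
Added example, not part of the original post and not racoon's code: a sketch of the RFC 3947 NAT-D comparison behind the log lines above, where each payload is HASH(CKY-I | CKY-R | IP | Port) and "algo #2" is SHA-1. The cookies and the phone's private address are constructed values; the gateway and observed peer addresses are taken from the log.

```python
import hashlib
import socket
import struct

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    # "algo #2" in the racoon log is the IKE hash identifier for SHA-1.
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.sha1(data).digest()

def initiator_payloads(cky_i, cky_r, local, remote):
    """Payloads as the sender builds them: #0 = remote end, #1 = its own local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def responder_check(cky_i, cky_r, payloads, own_addr, observed_src):
    """Recompute both hashes from the addresses seen on the wire and compare."""
    me_ok = payloads[0] == nat_d_hash(cky_i, cky_r, *own_addr)
    peer_ok = payloads[1] == nat_d_hash(cky_i, cky_r, *observed_src)
    # A mismatch means the address was rewritten in transit on that side.
    nat = [who for who, ok in (("ME", me_ok), ("PEER", peer_ok)) if not ok]
    return {"payload0_verified": me_ok, "payload1_verified": peer_ok,
            "nat_detected": nat}

# Constructed sample values (cookies and the private address are assumptions).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
GATEWAY = ("173.163.150.33", 500)            # [Self] address from the log
PHONE_PRIVATE = ("10.20.30.40", 500)         # what the phone believes it is
PHONE_OBSERVED = ("166.137.96.222", 61941)   # source address seen by the gateway

def demo():
    # The phone hashes its private address; the gateway hashes what it observed.
    payloads = initiator_payloads(CKY_I, CKY_R, PHONE_PRIVATE, GATEWAY)
    return responder_check(CKY_I, CKY_R, payloads, GATEWAY, PHONE_OBSERVED)

if __name__ == "__main__":
    print(demo())
```

With these inputs, payload #0 verifies (the gateway is not behind NAT) and payload #1 does not match (the peer's address was translated), which corresponds to "NAT detected: PEER".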

