<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello,<br>
I've problem connecting to non-nated openswan server with windows XP
and Vista clients.<br>
I've already posted this problem once and Paul proposed a solution
(replace _updown script with one from newer version of openswan), which
seemed to work at first but turned out to be working only due to an
error
with openvpn. For those who are interested:<br>
I connected to the XP client through remote desktop over an established
openvpn tunnel then initiated the l2tp/ipsec connection to the remote
gateway and it works...only the openvpn tunnel seems to drop. When I
accessed the client physically the next day I
see that both tunnels (ipsec and openvpn) are up and when I shut down
the openvpn the ipsec also dropped. What actually happened is that
windows used the openvpn TAP intefrace to initiate the tunnel
successfully with NAT-T, something I've been trying to do for days...
Without the established openvpn tunnel this doesn't work. <br>
<br>
I've been trying so many things now, including several auth methods and
setups and the new 2.6.24rc1 none seems to work, it's always the same
result:<br>
<br>
<span class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">
<pre style="">05:16:42.695880 IP client.4500 > server.4500: UDP-encap: ESP(spi=0x904d56ca,seq=0x1), length 148
05:16:43.695100 IP client.4500 > server.4500: UDP-encap: ESP(spi=0x904d56ca,seq=0x2), length 148
05:16:44.696777 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
05:16:44.696907 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 ZLB
05:16:45.694978 IP client.4500 > server.4500: UDP-encap: ESP(spi=0x904d56ca,seq=0x3), length 148
05:16:45.695251 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 ZLB
05:16:45.697577 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
05:16:46.698452 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
05:16:47.699377 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
05:16:48.700148 IP server.1701 > client.1701: l2tp:[TLS](3/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |...
05:16:49.694307 IP client.4500 > server.4500: UDP-encap: ESP(spi=0x904d56ca,seq=0x4), length 148
...this continues until timeout...
barf:
<a class="moz-txt-link-freetext" href="http://ioudas.net/ipsecbarf.txt">http://ioudas.net/ipsecbarf.txt</a>
short config:
<a class="moz-txt-link-freetext" href="http://ioudas.net/conf.txt">http://ioudas.net/conf.txt</a>
The results is the same with both x.509 and psk methods. The server is not NATed, client is behind simple netgear router with ipsec and l2tp pass-through
enabled (without this not a single packet reaches the server for some reason).
Also the problem is identical on both Vista and XP machines. I've seen others being able to successfully connect to
openswan with windows clients behind NAT and I simply cannot figure out the cause of the problems in my scenario.
It has to be a problem with NAT-T, as everything works OK when the clients are not NATed.<span
class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"></span>
I'd be grateful for any kind of suggestion.
Marc
</pre>
</span><br>
<br>
</body>
</html>