<div dir="ltr">I reverted it back to openswan 2.6.27 and the same problem exists.<div>(Note: Openswan 2.6.27 works fine with multiple ipsec tunnels behind a nat).</div><div><br></div><div>Anyways I tried on the server side to run a dummy server: nc -u -l -p 1701</div>
<div>and the behavior is kinda strange. I see android client l2tp packets on ipsec0 interface but nothing appears on the dummy server except one last packet. On the other hand, when I run a linux client, all packets seen on ipsec0 are shown on the dummy server (ofcourse some crypted Ascii).</div>
<div><br></div><div>I don't understand the problem. And don't know how to proceed!</div><div><br></div><div><br><br><div class="gmail_quote">On Thu, Jul 1, 2010 at 6:37 PM, Majid Khonji <span dir="ltr"><<a href="mailto:majid@khonji.org">majid@khonji.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr">One thing more:<div>Even though I used iptables and iproute2, still xl2tpd is not happy at all. It simply it doesn't like IPsec.</div>
<div>When I run without ipsec tunnel, it just damn works!!!</div><div>
<br></div><div>Using NETKEY, xl2tpd was pretty happy (but again nooo damn multiple clients behind a shitty natttt)<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Thu, Jul 1, 2010 at 6:32 PM, Majid Khonji <span dir="ltr"><<a href="mailto:majid@khonji.org" target="_blank">majid@khonji.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">There is a small mistake in the problem description, let me rewrite it:<div><br><div><div><div>
I am trying to use android 1.6 road-warriors behind nat.</div></div><div>using protostack=klips, the android client sends packets to ipsec0 successfully ( but source ip = Public ip), However, xl2tpd sends responses back through the physical interface (based on the routing table).</div>
<div>On the other hand, when I try a linux client (behind nat as well), the client shows a private IP inside ipsec0, and works with xl2tp just fine</div><div><div><br></div><div>My network is:</div><div><br></div>
<div>VPN server (public dhcp address) <---> internet <---> nat GW <---> Android roadwarrior <br clear="all">
</div><div><br></div></div><div>I am using kernel 2.6.32 (patched), openswan 2.6.28dr1 (2.6.27 couldn't work with multiple clients behind nat!!)</div><div><br></div><div><br></div><div><br></div><div>I used the following iptables rules:</div>
<div><br></div><div># iptables -t mangle -A OUTPUT -o eth0 -p udp --sport 1701 -j MARK --set-mark 2</div><div># iptables -t mangle -A INPUT -i eth0 -p udp --dport 1701 -j MARK --set-mark 2</div><div><br></div><div><br></div>
<div># ip rule </div><div><div>0:<span style="white-space:pre-wrap">        </span>from all lookup local </div><div>32764:<span style="white-space:pre-wrap">        </span>from all fwmark 0x2 lookup IPSEC </div>
<div>32766:<span style="white-space:pre-wrap">        </span>from all lookup main </div><div>32767:<span style="white-space:pre-wrap">        </span>from all lookup default</div></div><div><br></div>
<div><br></div><div># ip route show table IPSEC</div><div><div>default dev ipsec0 </div></div><div><br></div><div><br></div><div>Please help guys.</div><div><div></div><div><div><br></div><div><br></div><div><br>
</div><br><div class="gmail_quote">
On Thu, Jul 1, 2010 at 3:22 AM, Majid Khonji <span dir="ltr"><<a href="mailto:majid@khonji.org" target="_blank">majid@khonji.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Dear all,<div><br></div><div>I am trying to use android 1.6 road-warriors behind nat.</div><div>using protostack=klips, the android client sends packets to eth0 successfully (with source ip = Public ip), However, xl2tpd sends responses back through the physical interface (based on the routing table).</div>
<div>On the other hand, when I try a linux client (behind nat as well), the client shows a private IP inside ipsec0, and works with xl2tp.</div><div><br></div><div>A dirty solution could be though iptables, but I am feeling lazy reading man page. If you have some, please give me.</div>
<div><br></div><div>My network is:</div><div><br></div><div>VPN server (public dhcp address) <---> internet <---> nat GW <---> Android roadwarrior )<br clear="all"><br>-- <br>Regards,<br><br>Majid Khonji<br>
<br>
</div></div>
</blockquote></div><br><br clear="all"><br></div></div>-- <br>Regards,<br><br>Majid Khonji<br><br>
</div></div></div>
</blockquote></div><br><br clear="all"><br></div></div>-- <br>Regards,<br><br>Majid Khonji<br><br>
</div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Regards,<br><br>Majid Khonji<br><br>
</div></div>