[Openswan dev] 2.4.5dr3 NAT-T + L2TP still broken
Dirk Nehring
dnehring at marcant.net
Mon Dec 19 12:41:25 CET 2005
On Mon, Dec 12, 2005 at 07:45:05PM +0100, Jacco de Leeuw wrote:
> Dirk Nehring wrote:
>
> >For months I've been fighting the NAT-T problem which was introduced
> >after 2.3.1.
>
> Could you post your ipsec.conf as well? Perhaps there is an issue with it,
> a routing problem for instance. It seems you are using a PSK. NAT-T and
> PSKs are a bit troublesome (I'll let the developers explain why). Does
> the problem occur with certificates too?

Sure:

conn L2TP
        left=1.2.3.4
        right=%any
        rightsubnet=vhost:%no,%priv
        rightprotoport=17/1701
        leftprotoport=17/1701
        pfs=no
        keyingtries=3
        authby=secret
        ike=3des-md5
        esp=3des-sha1,3des-md5
        auto=add

I haven't tested it with client certificates for IPSec.

Dirk