[Openswan Users] l2tp client with NAT

Jacco de Leeuw jacco2 at dds.nl
Fri Dec 31 00:19:09 CET 2004

Ivan wrote

> I want to set up l2tp/ipsec vpn.
> But when I put the client behind NAT gateway
> the ipsec connection cannot be established.
 > Windows client has SP3 installed, so the nat traversal
 > update should be present.

No, the NAT-T update is not included in SP3 for Windows 2000.
You need to download and install Q818043. The update is included
in SP2 for Windows XP, however.

> [@VPN_SERVER]:17/0...cg.cg.cg.cg[Client's CN]:17/1701
This is an indication that the NAT-T update has not been installed.
Otherwise it would have been 17/1701.

> But I observe no ESP traffic from VPN server to client.

With the NAT-T update there might not be any ESP traffic
(IP 50). It may be encapsulated in UDP 4500.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list