[Openswan Users] nat-t and l2tp...
Jacco de Leeuw
jacco2 at dds.nl
Wed Jul 7 13:02:07 CEST 2004
Nels Lindquist wrote:
> Do you have a connection definition for both Win9x and Win2K/XP L2TP
> clients, or just Win2K/XP? I found that for some reason, when the
> 2K/XP clients are NATted they request a different protocol port for
> the L2TP setup.
>
> I added a corresponding Win9x configuration including the line:
>
> leftprotoport=17/1701
>
> and then everything worked fine! When the 2K/XP clients *aren't*
> behind NAT, then "leftprotoport=17/0" works, so you need both
> connection definitions.
The NAT-T update Q818043 is needed for Windows 2K/XP clients behind NAT.
This update requires leftprotoport=17/1701 instead of 17/0. Nevertheless,
it could be that 17/0 on kernel 2.6 still works because it is interpreted
as a wildcard, but I'm not sure.
It's probably best to update all Win2K/XP clients with the NAT-T update (one
additional reason is that Microsoft has a tendency to silently fix security
issues with these kinds of feature updates) and forget about 17/0 altogether.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
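
The two connection definitions discussed in this thread, as an added example that is not part of the original messages and is not taken from either poster's configuration. The conn names, the 192.0.2.1 address, the PSK authentication and the virtual_private ranges are assumptions made for illustration.

```conf
# /etc/ipsec.conf fragment (constructed example)
config setup
    # Assumption: NAT-T enabled, RFC 1918 ranges accepted for NATted clients
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

# Win9x clients and Win2K/XP clients that have the NAT-T update:
# these propose UDP (protocol 17) port 1701 for L2TP.
conn l2tp-updated
    leftprotoport=17/1701
    auto=add
    also=l2tp-common

# Win2K/XP clients without the NAT-T update, not behind NAT:
# these propose protocol 17 with port 0.
conn l2tp-orig-win2kxp
    leftprotoport=17/0
    auto=add
    also=l2tp-common

# Shared settings; no auto= line, so this section is not loaded by itself.
conn l2tp-common
    type=transport
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=192.0.2.1              # placeholder server address
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
```

Once every Win2K/XP client has the NAT-T update, the l2tp-orig-win2kxp definition can be removed, which leaves only the 17/1701 selector.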