[Openswan Users] NAT-T success and failure

Juha Pietikäinen juha.pietikainen at connet.net
Sat May 1 12:18:31 CEST 2004


Hi,

I have the same problem with Fedora Core 1 and Openswan 2.1.2rc3. The l2tpd version
is 0.69-8jdl.

I am trying to establish an IPsec/L2TP connection between a NATed Windows XP
Pro (SP1 + 818043 IPsec update) client and an FC1 server. My FC1 server is
NATed behind an ADSL router with a static public IP address (62.xxx.xxx.xxx).

The IPsec/L2TP connection works fine in a LAN environment inside the 192.168.xxx.xxx
network with a different Windows XP client.

I have configured my ADSL router (SMC Barricade 7804WBRA) to forward ports
500 (isakmp), 1701 (l2tp) and 4500 (UDPENCAP) to the FC1 server.

When I try to connect to the Openswan server over the internet from the roadwarrior XP
client, I get Windows error message 792 and the FC1 secure log complains "no
connection is known for 62.xxx.xxx.xxx/32===192.168.xxx.xxx:4500 . . .".

The Ethereal capture log shows that the server side is receiving and transmitting
ISAKMP and UDPENCAP packets with the remote XP client via port 4500.

ipsec.conf has right=%any and the rightsubnetwithin settings correctly set up.

I have tried both 2048- and 1024-bit X.509 certificates without success. So I
think fragmentation isn't the problem.

Maybe I should also try to remove NAT from the server side.


Juha Pietikäinen
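The "no connection is known for ..." line quoted above is the key diagnostic: Pluto received a NAT-T (UDP 4500) packet but could not match it to any configured connection, and the server-side endpoint it logs is the private 192.168.x.x address, not the public address the client is talking to. The following is an added example (not part of the post, and not Openswan code) that scans Pluto log lines for this message and flags the "server behind NAT" pattern, so an admin can confirm the symptom before changing the router or the ipsec.conf addressing. The regex is modelled only on the message format quoted in the post and may need adjusting for other Pluto versions; the sample log lines and addresses are constructed.

```python
import ipaddress
import re

# Regex modelled on the Pluto message quoted in the post:
#   "no connection is known for 62.xxx.xxx.xxx/32===192.168.xxx.xxx:4500 . . ."
# Field order (peer network===local endpoint:port) is taken from that quote;
# this is an assumption about the format, not a documented Pluto interface.
UNKNOWN_CONN = re.compile(
    r"no connection is known for "
    r"(?P<peer>[\d.]+)(?:/(?P<plen>\d+))?===(?P<local>[\d.]+):(?P<port>\d+)"
)

# Constructed sample lines using documentation address ranges (RFC 5737);
# they are not taken from the original post.
SAMPLE_LINES = [
    "pluto[1234]: no connection is known for 203.0.113.45/32===192.168.1.10:4500 . . .",
    "pluto[1234]: no connection is known for 203.0.113.45/32===198.51.100.7:500",
    "pluto[1234]: responding to Main Mode from unknown peer 203.0.113.45",
]


def parse_unknown_connection(line):
    """Extract (peer, local, port) from a 'no connection is known' line, or None."""
    m = UNKNOWN_CONN.search(line)
    if not m:
        return None
    return m.group("peer"), m.group("local"), int(m.group("port"))


def diagnose(line):
    """Classify one Pluto log line.

    Returns a dict with a 'finding' key, or None when the line is not an
    unmatched-connection message:
      server-behind-nat  - NAT-T port (4500) and the local endpoint Pluto saw is
                           an RFC 1918 address, i.e. the server itself sits behind
                           NAT and the connection's left= address does not match.
      no-matching-conn   - an unmatched peer on a public local endpoint; look at
                           right=/rightsubnetwithin and the policy instead.
    """
    parsed = parse_unknown_connection(line)
    if parsed is None:
        return None
    peer, local, port = parsed
    local_ip = ipaddress.ip_address(local)
    if port == 4500 and local_ip.is_private:
        finding = "server-behind-nat"
    else:
        finding = "no-matching-conn"
    return {"finding": finding, "peer": peer, "local": local, "port": port}


def scan(lines):
    """Run diagnose() over a log and return the non-empty findings in order."""
    return [d for d in (diagnose(l) for l in lines) if d is not None]


if __name__ == "__main__":
    for result in scan(SAMPLE_LINES):
        print(result)
```

Feed it the relevant lines from /var/log/secure (or wherever Pluto logs) with `scan(open(path).read().splitlines())`; a run of `server-behind-nat` findings while the client reports error 792 matches exactly the situation described in the post.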
