[Openswan Users] NAT-T success and failure
Juha Pietikäinen
juha.pietikainen at connet.net
Sat May 1 12:18:31 CEST 2004
Hi,
I have the same problem with Fedora Core 1 and Openswan 2.1.2rc3. L2tpd version
is 0.69-8jdl.
I am trying to establish an IPsec/L2TP connection between a NATed Windows XP
Pro (SP1 + 818043 IPsec update) client and an FC1 server. My FC1 server is
NATed behind an ADSL router with a static public IP address (62.xxx.xxx.xxx).
The IPsec/L2TP connection works fine in the LAN environment inside the
192.168.xxx.xxx network with a different Windows XP client.
I have configured my ADSL router (SMC Barricade 7804WBRA) to forward ports
500 (isakmp), 1701 (l2tp) and 4500 (UDPENCAP) to the FC1 server.
When I try to connect to the Openswan server over the internet from the
roadwarrior XP client, I get Windows error message 792 and the FC1 secure log
complains "no connection is known for 62.xxx.xxx.xxx/32===192.168.xxx.xxx:4500 . . .".
Ethereal capture log shows that server side is receiving and transmitting
ISAKMP and UDPENCAP packets with remote XP client via port 4500.
Ipsec.conf has right=%any and rightsubnetwithin settings correctly set up.
I have tried both 2048 and 1024 bit X.509 certificates without success. So I
think fragmentation isn't the problem.
Maybe I should also try to remove NAT from the server side.
Juha Pietikäinen