[Openswan Users] NAT-T sucess and failure
Jacco de Leeuw
jacco2 at dds.nl
Sat May 1 16:23:08 CEST 2004
> I am trying to establish an IPsec/L2TP connection between natted Windows XP
> Pro (SP1 + 818043 IPsec update) client and FC1 server. My FC1 server is
> natted behind adsl-router with static public ip-address (62.xxx.xxx.xxx).
I must admit that I have never done any testing with double NAT myself.
> I have configured my adsl-router (SMC barricade 7804WBRA) to forward ports
> 500 (isakmp), 1701 (l2tp) and 4500 (UDPENCAP) to the FC1 server.
I don't think you need to forward UDP 1701 because unencrypted L2TP is
not recommended for use over the Internet.
> When I try to connect Openswan server over internet from the roadwarrior XP
> client, i get Windows error message 792 and FC1 secure log complains "no
> connection is known for 62.xxx.xxx.xxx/32===192.168.xxx.xxx:4500 . . .".
>
> Ipsec.conf has right=%any and rightsubnetwithin-settings correctly setup.
Still, if you get a "no connection known" error, there is some kind of
mismatch with the .conf file...
> Maybe I should also try to remove nat from the server side.
This would help determine whether the double NAT is at fault.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list