[Openswan Users] Trouble with L2TP and NAT traversal

Brad Chang openswan at dotnoc.com
Wed May 12 20:02:46 CEST 2004


:-) Had the same problem; I think it was either firewall rules or how the
client was set up. Anyhow, I followed a couple of tips from this document and
got it all working: http://www.netdigix.com/vpn.php
It is the document labeled "Admin Instructions" and both the VPN client
installation PDFs.



Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com


-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com


Quoting Nels Lindquist <nlindq at maei.ca>:

> I've been trying to get roadwarrior Windows clients to connect via 
> L2TP to an OpenSWAN box, but I've run into difficulty.
> 
> I've set things up according to Jacco de Leeuw's excellent 
> documentation, and many things *are* working:
> 
> o Without NAT, Win2K/XP clients can connect via L2TP, using x509 cert 
> authentication.
> 
> o With NAT, the IPSEC stuff *still* seems to be working--both Main 
> Mode and Quick Mode are successful and if I immediately do "ipsec 
> eroute" I see a route like this:
> 
> 206.75.202.39/32:0 -> 192.168.2.100/32:1701 => 
> esp0xccfec62b at 206.75.202.4:17
> 
> However, the Windows client eventually gives up with a "remote server 
> did not respond" error and the IPSEC tunnel is torn down.
> 
> Looking at pppd.log (which normally contains the l2tpd debug 
> information), there are no entries generated at all--no 
> authentication errors, nothing.
> 
> Looking at the Windows oakley.log file, I can't see a difference 
> between a successful non-NAT L2TP setup and an unsuccessful NAT L2TP 
> setup, which again leads me to believe that the IPSEC part is working 
> just fine!
> 
> Is there some other L2TP logging I can turn on to see what's going 
> on?  It kind of feels like the packets are just being null-routed or 
> something... I've checked firewall rules, etc. and I can't see 
> anything obvious.  Also tried turning off rp_filter for all 
> interfaces (rather than just %defaultroute) on the Linux side, but 
> that made no difference.
> 
> Any pointers would be greatly appreciated!
> 
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
> 
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 