[Openswan Users] Trouble with L2TP and NAT traversal
Brad Chang
openswan at dotnoc.com
Wed May 12 20:02:46 CEST 2004
:-) Had the same problem; I think it was either firewall rules or how the
client was set up. Anyhow, I followed a couple of tips from this document and
got it all working. http://www.netdigix.com/vpn.php It is the document
labeled "Admin Instructions" and both the VPN client installation PDFs.
Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com
-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com
Quoting Nels Lindquist <nlindq at maei.ca>:
> I've been trying to get roadwarrior Windows clients to connect via
> L2TP to an OpenSWAN box, but I've run into difficulty.
>
> I've set things up according to Jacco de Leeuw's excellent
> documentation, and many things *are* working:
>
> o Without NAT, Win2K/XP clients can connect via L2TP, using x509 cert
> authentication.
>
> o With NAT, the IPSEC stuff *still* seems to be working--both Main
> Mode and Quick Mode are successful and if I immediately do "ipsec
> eroute" I see a route like this:
>
> 206.75.202.39/32:0 -> 192.168.2.100/32:1701 =>
> esp0xccfec62b at 206.75.202.4:17
>
> However, the Windows client eventually gives up with a "remote server
> did not respond" error and the IPSEC tunnel is torn down.
>
> Looking at pppd.log (which normally contains the l2tpd debug
> information), there are no entries generated at all--no
> authentication errors, nothing.
>
> Looking at the Windows oakley.log file, I can't see a difference
> between a successful non-NAT L2TP setup and an unsuccessful NAT L2TP
> setup, which again leads me to believe that the IPSEC part is working
> just fine!
>
> Is there some other L2TP logging I can turn on to see what's going
> on? It kind of feels like the packets are just being null-routed or
> something... I've checked firewall rules, etc. and I can't see
> anything obvious. Also tried turning off rp_filter for all
> interfaces (rather than just %defaultroute) on the Linux side, but
> that made no difference.
>
> Any pointers would be greatly appreciated!
>
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
>