[Openswan Users] Trouble with L2TP and NAT traversal

Nels Lindquist nlindq at maei.ca
Thu May 13 14:47:04 CEST 2004


On 13 May 2004 at 10:26, Jacco de Leeuw wrote:

> Are you sure that the NAT-T update has been installed on the Windows
> clients?

I *thought* I was sure, but now I'm not.

The "Advanced Networking Pack for Windows XP" is listed in Add/Remove 
programs, but that isn't it, right?

I went to Windows Update, but L2TP/IPSEC Update is not listed under 
recommended updates, and when I do an advanced search in the catalog 
for article 818043, there are no results.

According to that KB article, the file version on Oakley.sys should 
be 5.1.2600.1240 with a file date of 02-Jul-2003 13:36.

Mine is 5.1.2600.1106 with a file date of 29-Aug-2002 07:00.

Obviously, I *don't* have the NAT Traversal update installed, but it 
doesn't appear on Windows Update anymore!  Has Microsoft pulled it 
again?  Grr.

> IPsec passthrough has been disabled on the NAT device(s)?

What exactly does IPSEC passthrough refer to?  My assumption would be 
port-forwarding UDP 500 and protocols 50/51 to the NATted device, 
which is definitely not happening.

> And nat_traversal is enabled on Openswan?

That's definitely enabled; "nat_traversal=yes" is set in the config 
setup section of ipsec.conf.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.


