[Openswan Users] Using X.509 with a Pocket PC 2003 behind NAT

Jacco de Leeuw jacco2 at dds.nl
Thu May 27 14:38:37 CEST 2004


Trevor Benson wrote:

> Has anyone successfully connected a Pocket PC 2003 with IPSec/L2TP?

I have done some testing with the Pocket PC 2003 emulator (which
requires NAT because it piggy-backs on the host OS):

http://www.jacco2.dds.nl/networking/freeswan-pocketpc.html

I had a bit of a problem with large certificates (fragmentation?).
I don't know if this also happens with a real Pocket PC device
or when there is no NAT.

I did receive a report from someone who used this setup to stream
video over his 802.11bs network but I guess this was without NAT.

> I just patched the L2TP on the laptop, but I don't know of any
> patched to get Pocket PC 2003 to work from behind NAT with L2TP.

Pocket PC 2003 supports the NAT-T draft. Your Openswan box will also
need NAT-T support. Are you using kernel 2.6 ("26sec") or KLIPS?
I think I read that 26sec only supported one particular NAT-T standard,
but I'm not sure. KLIPS should work, but NAT-T in transport mode may
have been disabled by default so you will need to check the logs.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list