[Openswan Users] Using X.509 with a Pocket PC 2003 behind NAT
Jacco de Leeuw
jacco2 at dds.nl
Thu May 27 14:38:37 CEST 2004
Trevor Benson wrote:
> Has anyone successfully connected a Pocket PC 2003 with IPSec/L2TP?
I have done some testing with the Pocket PC 2003 emulator (which
requires NAT because it piggy-backs on the host OS):
http://www.jacco2.dds.nl/networking/freeswan-pocketpc.html
I had a bit of a problem with large certificates (fragmentation?).
I don't know if this also happens with a real Pocket PC device
or when there is no NAT.
I did receive a report from someone who used this setup to stream
video over his 802.11bs network but I guess this was without NAT.
> I just patched the L2TP on the laptop, but I don't know of any
> patched to get Pocket PC 2003 to work from behind NAT with L2TP.
Pocket PC 2003 supports the NAT-T draft. Your Openswan box will also
need NAT-T support. Are you using kernel 2.6 ("26sec") or KLIPS?
I think I read that 26sec only supported one particular NAT-T standard,
but I'm not sure. KLIPS should work, but NAT-T in transport mode may
have been disabled by default so you will need to check the logs.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list