[Openswan Users] Windows L2TP/IPsec tunnel mode configuration - howto?

Jacco de Leeuw jacco2 at dds.nl
Thu Oct 21 16:10:13 CEST 2004

Andreas Kemper wrote:

> I'd like to configure my Windows (XP SP2) box to use tunnel- rather than
> transport-mode, which hopefully enables me to use Windows-VPN with my
> NAT-passthrough router. The latter doesn't allow for proper NAT-T, which
> otherwise would be a solution.

The default IPsec policy created by Windows' New Connection Wizard uses
Transport Mode (see also http://support.microsoft.com/kb/q248750/).

If you set the prohibitipsec flag, you could create a manual IPsec policy
that uses Tunnel Mode instead of Transport Mode. You could use MMC or
IPSECPOL.EXE (Windows 2000) / IPSECCMD.EXE (Windows XP) or Marcus Mueller's
IPSEC.EXE. Then you create an L2TP connection that makes use of this policy.

Of course all this is tedious work and error-prone...

Alternatively, you could get rid of L2TP altogether, or you could replace the
router with one that is not broken.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
