[Openswan Users] udp/4500 (NAT-T) blocking by my (common?) WLAN-Router

Andreas Kemper kem at comnets.rwth-aachen.de
Fri Oct 22 10:58:47 CEST 2004


I would like to switch to NAT-T mode, rather then using the VPN-passthrough
mode of my SMC wireless router.

The background for this are problems handling transport mode ESP-packets
from L2TP/IPsec in case these are transparently passing the NAT-device.

While sniffing a bit with ethereal, I found that the SMC blocks (at least
outgoing) packets, as soon as encapsulation to udp/4500 is enabled. Contrary
to this, for instance udp/10000 packets (from Cisco's VPN-client) aren't

Now I wonder, whether this behaviour is intended since the device does
VPN-passthrough (or evtl. for some political reasons) and/or if it's simply
a specific SMC bug? What are your experiences with other devices?

Nevertheless, I thought about the simplest solution to probably change the
default NAT-T port, for instance also to udp/10000.
Even though this value seems to be hard-coded in "nat_traversal.h", I wonder
if clients (in particular Wintendo L2TP/Ipsec) would accept a different port
during connection establishment??


More information about the Users mailing list