[Openswan Users] udp/4500 (NAT-T) blocking by my (common?) WLAN-Router

Jacco de Leeuw jacco2 at dds.nl
Sat Oct 23 01:04:11 CEST 2004


Andreas Kemper wrote:

> I would like to switch to NAT-T mode, rather than using the VPN-passthrough
> mode of my SMC wireless router.
> 
> The background for this are problems handling transport mode ESP-packets
> from L2TP/IPsec in case these are transparently passing the NAT-device.
> 
> While sniffing a bit with ethereal, I found that the SMC blocks (at least
> outgoing) packets, as soon as encapsulation to udp/4500 is enabled.

Are you sure? How did you check this? If this is true it would be really
malicious. What model SMC do you have?

> Now I wonder whether this behaviour is intended since the device does
> VPN-passthrough (or possibly for some political reasons) and/or if it's simply
> a specific SMC bug?

You probably meant 'policy' instead of 'political' here :-).

> Nevertheless, I thought about the simplest solution to probably change the
> default NAT-T port, for instance also to udp/10000.
> Even though this value seems to be hard-coded in "nat_traversal.h", I wonder
> if clients (in particular Wintendo L2TP/IPsec) would accept a different port
> during connection establishment??

Seems unlikely to me. But you could search the registry to see if the
port can be modified.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

