[Openswan Users] udp/4500 (NAT-T) blocking by my (common?)
WLAN-Router
Jacco de Leeuw
jacco2 at dds.nl
Sat Oct 23 01:04:11 CEST 2004
Andreas Kemper wrote:
> I would like to switch to NAT-T mode, rather then using the VPN-passthrough
> mode of my SMC wireless router.
>
> The background for this are problems handling transport mode ESP-packets
> from L2TP/IPsec in case these are transparently passing the NAT-device.
>
> While sniffing a bit with ethereal, I found that the SMC blocks (at least
> outgoing) packets, as soon as encapsulation to udp/4500 is enabled.
Are you sure? How did you check this? If this is true it would be really
malicious. What model SMC do you have?
> Now I wonder, whether this behaviour is intended since the device does
> VPN-passthrough (or evtl. for some political reasons) and/or if it's simply
> a specific SMC bug?
You probably meant 'policy' instead of 'political' here :-).
> Nevertheless, I thought about the simplest solution to probably change the
> default NAT-T port, for instance also to udp/10000.
> Even though this value seems to be hard-coded in "nat_traversal.h", I wonder
> if clients (in particular Wintendo L2TP/Ipsec) would accept a different port
> during connection establishment??
Seems unlikely to me. But you could search the registry to see if the
port can be modified.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list