[Openswan Users] L2TP-IPsec with NAT-passthrough (UDP-checksum)
Jacco de Leeuw
jacco2 at dds.nl
Tue Sep 28 13:48:58 CEST 2004
Andreas Kemper wrote:
> I decided to set up L2TP-IPsec in parallel,
> My settings concerning the L2TP-tunnel are almost identical,
> while I just added "rightsubnetwithin=0.0.0.0/0" to allow
> for IPsec-connection of NATted clients.
You should probably restrict rightsubnetwithin= to only the subnet(s)
that you intend to use for the NATted clients.
> Now basically the new set-up is running, as long as I don't connect via
> NAT-passthrough over my router. Unfortunately there is no other option,
> since also my neighbours are connected to the router and "passthrough" can't
> be disabled, to allow for proper NAT-T.
It seems to me that some NAT routers have broken VPN passthrough
for Transport Mode IPsec. If yours is broken too, chalk it up on the
Openswan Wiki: http://wiki.openswan.org/index.php/Firewalls
If you can't disable the VPN passthrough, see if NAT-Traversal works anyway,
or you might have to get yourself another device.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl