AW: [Openswan Users] L2TP-IPsec with NAT-passthrough
juha.pietikainen at connet.net
Wed Sep 29 09:17:48 CEST 2004
I had similar issue with SMC7804WBRA:
I solved the problem by ordering small block of public IP-addresses from my
ISP for both my SMC-router and my Openswan server.
I have disabled NAT-function from SMC7804WBRA. Router seems to have problems
with DHCP assigned public IPs so I had to assign my IPs manually to the
Now my configuration consists of NATed windows XP pro (sp2) client and
Openswan server with Fedora Core 1 (kernel version 2.4.22-1.2199).
XP pro client has private IP 192.168.1.x behind HomePNA router with IP
Here is my ipsec.conf:
I´m still having problems with routing. I have below error message in
Sep 27 09:55:09 server pluto: "winxp" #2: route-host output:
/usr/local/lib/ipsec/_updown: doroute `ip route add 81.a.b.c/32 via 81.a.b.c
dev ipsec0 ' failed (RTNETLINK answers: Network is unreachable)
L2TP/IPsec connection works if I add route manually to the routing table
(route add 81.a.b.c dev ipsec0) and try to connect after it. This seems to
be very common problem.
----- Original Message -----
From: "Paul Wouters" <paul at xelerance.com>
To: "Andreas Kemper" <kem at comnets.rwth-aachen.de>
Cc: <users at openswan.org>
Sent: Wednesday, September 29, 2004 2:00 AM
Subject: Re: AW: [Openswan Users] L2TP-IPsec with NAT-passthrough
> On Tue, 28 Sep 2004, Andreas Kemper wrote:
>> No, NAT-T definitely does not work with these passthrough routers. I
>> it once with a "real" NAT-device (by means of "iptables" on a linux box),
>> where it's been working properly.
>> Well, now I'm pretty sure that this might be a particular problem of my
>> combination of Kernel 2.4.25 and OSW 1.0.3.
> These two statements contradict each other. If your nat box is breaking
> things, switching kernels or openswan won't help you.
>> Thus I tried the original SuSE 2.4.21-2xx kernel (from version 9.0).
>> Unfortunately, there I had some problems with the configuration. After
>> startup without any existing tunnels, two routes with 0.0.0.0/0 and
>> 22.214.171.124/0 destination have been set-up on "ipsec0" towards the standard
>> gateway. Following startup the entire machine wasn't reachable over the
>> network anymore. ;-(
> include /etc/ipsec.examples/no_oe.conf
>> Does anyone know, whether I can use the SuSE 9.0 binary RPM for SuSE 9.1
> Teh binaries we build we build on 9.1.
> "Non cogitamus, ergo nihil sumus"
> Users mailing list
> Users at openswan.org
More information about the Users