[Openswan Users] L2TP-IPsec with NAT-passthrough
kem at comnets.rwth-aachen.de
Wed Sep 29 19:08:37 CEST 2004
> I had similar issue with SMC7804WBRA:
Well, good point.
> I solved the problem by ordering small block of public IP-addresses from my
> ISP for both my SMC-router and my Openswan server.
Actually I have almost no influence on the address(es) as my DSL-provider
offers them. But at least inside the institute, I have full access to the
VPN- and our DHCP-server. Thus I could provide some more public IPs for
instance to the router's internal interface or the client's external
interface. Nevertheless, this approach is not "clean and smooth", since I
want to offer the VPN-service also to colleagues, whereas it always requires
more or less manual intervention for new clients.
> I have disabled NAT-function from SMC7804WBRA. Router seems to have
I wonder how I could switch this off in my box. Whereas again this causes some
trouble, since not all colleagues or public WLAN-Routers are SMC ones.
> Here is my ipsec.conf:
> config setup
Hmm, interesting parameter. Never seen/documented before. I guess it means "no
carriage return send?" or similar??
> conn %default
Isn't it the default setting and/or important in this context?
> include /etc/ipsec.d/examples/no_oe.conf
> I'm still having problems with routing. I have below error message in
> Sep 27 09:55:09 server pluto: "winxp" #2: route-host output:
> /usr/local/lib/ipsec/_updown: doroute `ip route add 81.a.b.c/32 via
> 81.a.b.c dev ipsec0 ' failed (RTNETLINK answers: Network is unreachable)
> L2TP/IPsec connection works if I add route manually to the routing table
> (route add 81.a.b.c dev ipsec0) and try to connect after it. This seems to
> be very common problem.
I tried this as well, but probably made a mistake. At least logging of
iptables indicates that the L2TP packets are not leaving ipsec0, due to the