[Openswan Users] VPN Server behind NAT

Jacco de Leeuw jacco2 at dds.nl
Fri Apr 1 20:54:46 CEST 2005

Glenn MacGregor wrote:

> I have an OpenSWAN server for roadwarrior (l2tp-ipsec) setup.
> I want to move it behind my firewall (DMZ) and set up a static NAT rule to give
> it a public address.

This is not yet fully supported. You will have to wait for Openswan 2.3.1
or apply an experimental patch by Bernd Galonska:

> O=HighStreet Networks, CN=vpnserver]:17/0...[C=US,
This should have been 17/1701. It means that your Windows 2000/XP client
is lacking NAT-Traversal support.

Either install update Q818043 or apply SP2 if you are using XP.
Note that if you install SP2 you will also need to tweak a registry setting:

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
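
The check described in the reply above, as an added example that is not part of the original message: a Python scan that flags any UDP (protocol 17) selector whose port is not 1701. The log layout, the connection name `l2tp`, the addresses and the certificate names are assumptions, modelled on the fragment quoted in the message.

```python
import re

# Selector that follows an end's ID, e.g. "...CN=vpnserver]:17/0".
# The layout is an assumption modelled on the fragment quoted in the message.
SELECTOR = re.compile(r"\]:(\d+)/(\d+)")
UDP, L2TP_PORT = 17, 1701


def check_line(line):
    """Return the (proto, port) selectors on this line that are UDP but not port 1701."""
    found = [(int(proto), int(port)) for proto, port in SELECTOR.findall(line)]
    return [(proto, port) for proto, port in found if proto == UDP and port != L2TP_PORT]


def scan(lines):
    """Return [(line_number, bad_selectors)] for every line with a suspect selector."""
    report = []
    for number, line in enumerate(lines, 1):
        bad = check_line(line)
        if bad:
            report.append((number, bad))
    return report


# Constructed sample lines (not real log output); all names and addresses are made up.
SAMPLE = [
    'pluto: "l2tp" #1: responding to Main Mode from unknown peer 192.0.2.10',
    'pluto: "l2tp" #2: 198.51.100.5[C=US, O=Example, CN=vpnserver]:17/0'
    '...192.0.2.10[C=US, O=Example, CN=client1]:17/1701',
    'pluto: "l2tp" #3: 198.51.100.5[C=US, O=Example, CN=vpnserver]:17/1701'
    '...192.0.2.20[C=US, O=Example, CN=client2]:17/1701',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE):
        print(f"line {number}: selector(s) {bad} should be 17/1701; "
              "check NAT-Traversal support on the client")
```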
