[Openswan Users] Can't connect Win98 MSL2TP clienttoOpenSwanServer

Mark Cave-Ayland m.cave-ayland at webbased.co.uk
Tue Jul 5 18:09:51 CEST 2005

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Jacco de Leeuw
> Sent: 05 July 2005 13:56
> To: users at openswan.org
> Subject: Re: [Openswan Users] Can't connect Win98 MSL2TP 
> clienttoOpenSwanServer


> I'm not sure if you understand. The private subnets listed in 
> virtual_private are the ones that are allowed for use by 
> (Windows) clients behind NAT. In most cases you don't know in 
> advance what subnets the folks at home are using, so usually 
> you list all possible subnets. However, you also need to 
> *exclude* subnets used by the VPN router, otherwise your IP 
> routing does not work (can't use the same subnet on disjoint 
> networks).
> Jacco

Hi Jacco,

I think I see now - I've tried to draw a rough ASCII diagram of the
roadwarrior setup I'm trying to implement below (apologies if it doesn't
come out as expected):


NAT router          		|                                  |   NAT
router (IPSec GW)                            213.x.x.x
(internal, can vary)    (external, can vary)                  (external)
(servers required by

So when the roadwarrior connects to the local IPSec GW, then even after
NAT-T then openswan will see the connection as being between and
213.x.x.x, and not from between and 213.x.x.x? In that case,
would that mean my roadwarrior in the diagram above would be unable to
connect? :(

Many thanks,


WebBased Ltd
17 Research Way
Tamar Science Park
PL6 8BT 

T: +44 (0)1752 797131
F: +44 (0)1752 791023
W: http://www.webbased.co.uk

More information about the Users mailing list