NAT-OA patch, was Re: [Openswan Users] OpenSwan 2.3.0 L2TP
response in plaintext
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 1 22:40:49 CET 2005
>> Forgot to mention, perhaps this patch by Bernd Galonska fixes
>> the problem?
(Which was a NATed server with L2TP/IPsec Windows Road Warriors).
>> http://lists.openswan.org/pipermail/users/2005-February/003927.html
>
> The patch is still in the queue to be investigated and applied in some
> form or shape.
The patch does indeed solve the problem for me (still had to use the
leftnexthop= parameter though) but I wouldn't know if it causes other
problems, or even worse, a security issue.
But what I don't understand is why removing the NAT-OA fixes the problem.
The RFC says it MUST be send in transport mode. Is Microsoft way off here?
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list