NAT-OA patch, was Re: [Openswan Users] OpenSwan 2.3.0 L2TP response in plaintext

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 1 22:40:49 CET 2005


>> Forgot to mention, perhaps this patch by Bernd Galonska fixes
>> the problem?

(Which was a NATed server with L2TP/IPsec Windows Road Warriors).

>> http://lists.openswan.org/pipermail/users/2005-February/003927.html
> 
> The patch is still in the queue to be investigated and applied in some 
> form or shape.

The patch does indeed solve the problem for me (still had to use the
leftnexthop= parameter though) but I wouldn't know if it causes other
problems, or even worse, a security issue.

But what I don't understand is why removing the NAT-OA fixes the problem.
The RFC says it MUST be sent in transport mode. Is Microsoft way off here?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

