NAT-OA patch, was Re: [Openswan Users] OpenSwan 2.3.0 L2TP response in plaintext

Jacco de Leeuw jacco2 at
Tue Mar 1 22:40:49 CET 2005

>> Forgot to mention, perhaps this patch by Bernd Galonska fixes
>> the problem?

(Which was a NATed server with L2TP/IPsec Windows Road Warriors).

> The patch is still in the queue to be investigated and applied in some 
> form or shape.

The patch does indeed solve the problem for me (still had to use the
leftnexthop= parameter though) but I wouldn't know if it causes other
problems, or even worse, a security issue.

But what I don't understand is why removing the NAT-OA fixes the problem.
The RFC says it MUST be sent in transport mode. Is Microsoft way off here?

Jacco de Leeuw                         mailto:jacco2 at
Zaandam, The Netherlands 
