[Openswan Users] openswan/l2tp client to windows 2003 server

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 22 23:45:51 CET 2005

Peter Teufl wrote:

> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) 

I don't understand why Openswan selects the RFC 3947 method (=109).
It's a brand new RFC. Windows 2003 does not support it, right? The Vendor
IDs that Windows sends do not announce support for it. And as far as
I know RFC 3947 and draft-ietf-ipsec-nat-t-ike-02 are not the same.

> I have already used an openswan server with l2tp and windows clients. On 
> openswan I could see that when a windows client initiated a connection, 
> draft-ietf-ipsec-nat-t-ike-02/03 was activated. I thought that maybe I 
> could force openswan to use this draft in my current situation. The 
> interesting thing is that when I change the value in the source, I can 
> see some UDP packets from/to port 4500.

Hm, this is what one would expect.

> But then the connection fails... 

You get "xxx ID returned doesn't match my proposal"? What was the exact error?

Perhaps this is where the 17/0 issue kicked in. When you patched the source
to force the draft NAT-T, did you use 17/1701 or was it still at 17/0?
If it was the latter, could you repeat with 17/1701?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list