[Openswan Users] openswan/l2tp client to windows 2003 server
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 22 23:45:51 CET 2005
Peter Teufl wrote:

> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)

I don't understand why Openswan selects the RFC 3947 method (=109).
It's a brand new RFC. Windows 2003 does not support it, right? The Vendor
IDs that Windows sends do not announce support for it. And as far as
I know RFC 3947 and draft-ietf-ipsec-nat-t-ike-02 are not the same.

> I have already used an openswan server with l2tp and windows clients. On
> openswan I could see that when a windows client initiated a connection,
> draft-ietf-ipsec-nat-t-ike-02/03 was activated. I thought that maybe I
> could force openswan to use this draft in my current situation. The
> interesting thing is that when I change the value in the source, I can
> see some UDP packets from/to port 4500.

Hm, this is what one would expect.

> But then the connection fails...

You get "xxx ID returned doesn't match my proposal"? What was the exact error?
Perhaps this is where the 17/0 issue kicked in. When you patched the source
to force the draft NAT-T, did you use 17/1701 or was it still at 17/0?
If it was the latter, could you repeat with 17/1701?

Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl