[Openswan Users] Problem with some ADSL routers

mdandrea mdandrea at terra.com.br
Wed Mar 30 15:23:44 CEST 2005

> Marcelo Mercio Dandrea wrote:
>> I´m using openswan with L2TP windows road-warriors, as explained on the
>> Nate Carson´s page. It almost always works, and after several tests, I
>> found out that when it doesnt, its because the windows notebook is behind
>> some ADSL modens (like DSLINK 200) configured to do NAPT
> If you are using Nate's example ipsec.conf then you need to add this
> line to the "roadwarrior-l2tp" connection:
> rightsubnet=vhost:%no,%priv
> If the ADSL modem is doing IPsec passthrough then you need to disable
> this. It is incompatible with NAT-Traversal.
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl

Hi Jacco,

          Thanks for the reply. Unfortunaly, this ADSL modem doesnt offer any option to turn off IPSEC
Passthough and its manual doesnt even mention it. If it is indeed doing it, its doing automatically and
internally. Any other option I could use? Maybe forcing some rules to "correct" the behavior?                     
         On a side note, I was checking your page about IPSEC + L2TP, and there you mention that NAT-T only
supports one client  behind a certain IP.  This can be really troublesome, specially in a hotel-like situation.
This happens only with L2TP in transport mode or also in tunnel mode using Marcus Muller IPSEC.EXE tool ? 
Fixing this is already planned on a roadmap? 


More information about the Users mailing list