[Openswan Users] Openswan 2.3.1 vs XP SP2, malformed payload in packet
Jacco de Leeuw
jacco2 at dds.nl
Tue May 3 18:39:01 CEST 2005
Elias Valea Peri wrote:
> Recently we've tried to mount an IPSec/L2TP server to allow company users
> (XP_SP2 and Pocket PCs) to connect to our network.
> All the clients behind a client-side NAT are able to connect to the VPN
> and running ok, but surprising!! a few clients that are directly connected
> to the Internet and own a public IP (i.e. using a modem) not.
>
> - Using forceencaps to force NAT-T works (you can see it in the log 'both
> are NATed')
But what do you see in the logs without forceencaps?
> - investigate about IPSec-passthrough devices between server and clients,
> but there are many ISPs involved and it is difficult to detect...
There are ISPs that do IPsec-passthrough? Yikes.
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You have to exclude your internal network here. Add something like this:
...,%v4:!192.168.1.0/24
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
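
Added example (not part of the original post and not Openswan code): a Python check for the virtual_private advice in the reply above, reporting when the server's own LAN is still covered by an allowed range with no "!" exclusion. The function names are hypothetical, the server LAN 192.168.1.0/24 is taken from the reply's "something like this" suggestion, and the matching is a simplified model (inside an allowed range and not touching an excluded one), not Openswan's actual parser.

```python
import ipaddress

# The virtual_private value quoted in the post, and the same value with the suggested exclusion.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
FIXED = ORIGINAL + ",%v4:!192.168.1.0/24"

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if not entry.startswith("%v4:"):
            # Only %v4 entries are handled in this sketch.
            raise ValueError(f"unsupported entry: {entry!r}")
        spec = entry[len("%v4:"):]
        target = excluded if spec.startswith("!") else allowed
        target.append(ipaddress.ip_network(spec.lstrip("!")))
    return allowed, excluded

def unexcluded_overlap(value, server_lan):
    """Allowed ranges that still contain server_lan because no exclusion covers it."""
    allowed, excluded = parse_virtual_private(value)
    lan = ipaddress.ip_network(server_lan)
    if any(lan.subnet_of(ex) for ex in excluded):
        return []
    return [net for net in allowed if net.overlaps(lan)]

def client_subnet_accepted(value, client_net):
    """Simplified model: accepted if inside an allowed range and clear of every exclusion."""
    allowed, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_net)
    if any(net.overlaps(ex) for ex in excluded):
        return False
    return any(net.subnet_of(a) for a in allowed)

if __name__ == "__main__":
    for label, value in (("original", ORIGINAL), ("with exclusion", FIXED)):
        clash = unexcluded_overlap(value, "192.168.1.0/24")
        print(label, "-> server LAN still claimable via:", [str(n) for n in clash] or "nothing")
        # Constructed sample client addresses: one inside the server LAN, one in another private /24.
        for client in ("192.168.1.10/32", "192.168.0.5/32"):
            print("   ", client, "accepted:", client_subnet_accepted(value, client))
```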