[Openswan Users] Win XP SP2 and NAT + OS 2.3.1

Fabien Tivolle fabien.tivolle at phdmedical.com
Mon May 30 11:29:50 CEST 2005


Thanks to Jacco and Norman; unfortunately, it did not solve the problem:

---1- Norman
From what I have read, NAT-T is enabled by default (on the client
side) for SP2,
but I have checked and updated this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule
is set to 2
[http://support.microsoft.com/?scid=kb%3Ben-us%3B885407&x=12&y=8]

NB: My setup is working with IPsec passthrough enabled on the WRT54G,
with an Openswan client. (Is there a way to disable NAT-T on Windows XP
SP2? I found none.)


---2- Jacco
I did the update on my lab setup. No changes. Here is the update of my
barf and configuration:

http://merou.homelinux.org/ipsec-barf.txt

ipsec.conf:

version 2.0
config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,,%v4:!192.168.204.0/24
       nat_traversal=yes

conn %default
      keyingtries=5
      compress=no
      disablearrivalcheck=no
      authby=rsasig
      leftrsasigkey=%cert
      rightrsasigkey=%cert

conn L2TP-cert-xpe2
      authby=rsasig
      left=192.168.204.101
      leftcert=phdtele000.pem
      leftprotoport=17/1701
      right=192.168.204.119
      rightsubnet=vhost:%no,%priv
      rightcert=xpe2.pem
      rightprotoport=17/1701
      auto=add
      pfs=no

# Disable OE encryption
include /etc/ipsec.d/examples/no_oe.conf

Thanks for any ideas/hints.
Fabien


