[Openswan Users] ipsec0 can't reach l2tpd

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Wed Nov 9 08:48:49 CET 2005


Hi folks,

I'm finally testing my L2TP/IPsec in a real environment (ADSL, NAT-T and all
that), and I'm kind of stuck with this problem.

I can tunnel in just fine, using the Windows XP VPN client with x.509 certs, but
I can't seem to reach the l2tpd daemon, which is listening on my internal
interface.

I've already added this firewall rule:

$IPTABLES -t nat --append PREROUTING -i ipsec0 -p udp --sport 1701 --dport 1701 -j DNAT --to-destination 192.168.1.1

being 192.168.1.1 my internal interface, and l2tpd.conf with:

# Bind address
listen-port 1701
listen-addr 192.168.1.1

to my firewall script, but that didn't do the trick.

I know this is a firewall issue, but even if I unload all my firewall rules
but the one above, the damn thing just doesn't work.

Following is my ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        klipsdebug=none
        plutodebug=none
        interfaces="ipsec0=myexternalinterface"
        nat_traversal=yes
        uniqueids=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:!192.168.1.1/24

conn %default
        compress=no
        disablearrivalcheck=no

conn inet-XP
        type=transport
        authby=rsasig
        pfs=no
        left=my.external.ip.number
        leftrsasigkey=%cert
        leftcert=mycertname.pem
        leftprotoport=17/1701
        right=%any
        rightrsasigkey=%cert
        rightprotoport=17/1701
        auto=add
        leftsendcert=yes
        keyingtries=1


I'm trying to connect a WinXP SP2 box -> ADSL (routed with NAT) -> Linux
(directly connected to the internet).

Can anyone throw me a shred of light?

Thanks in advance.

Giovani 
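A small checker for the virtual_private= line in the ipsec.conf above, added here as an example; it is not part of the original post and not Openswan code. It models the documented meaning of virtual_private for NAT-T roadwarriors: the NATed client's private address has to fall inside one of the %v4: networks and outside every %v4:! network, or Pluto refuses it. The function names (parse_virtual_private, client_accepted, lint), the corrected sample line and the client addresses tested are my own assumptions; the first sample line is the one from the post.

```python
"""Lint an Openswan virtual_private= value for NAT-T roadwarrior setups.

Added example (not from the post or the Openswan project). Assumes the
standard semantics: a NATed client's private address must be inside a
positive %v4: entry and outside every negated %v4:! entry.
"""
import ipaddress

# Constructed sample: the value from the post, verbatim.
POSTED_VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:!192.168.1.1/24"
)

# Constructed sample: the same intent with whole RFC1918 blocks allowed and
# the server's own LAN written as a network (hypothetical corrected value).
CORRECTED_VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24"
)

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_virtual_private(value):
    """Split a virtual_private value into (negated, network, host_bits_set).

    Only %v4: entries are handled (the post is IPv4-only). A prefix with host
    bits set, e.g. 192.168.1.1/24, is normalised to its network so that lint()
    can report it instead of parsing failing outright.
    """
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item.startswith("%v4:"):
            raise ValueError("unsupported entry: %r" % item)
        spec = item[len("%v4:"):]
        negated = spec.startswith("!")
        if negated:
            spec = spec[1:]
        iface = ipaddress.ip_interface(spec)
        host_bits_set = iface.ip != iface.network.network_address
        entries.append((negated, iface.network, host_bits_set))
    return entries


def client_accepted(entries, client_ip):
    """True if client_ip is covered by a positive entry and by no negated one."""
    ip = ipaddress.ip_address(client_ip)
    included = any(not neg and ip in net for neg, net, _ in entries)
    excluded = any(neg and ip in net for neg, net, _ in entries)
    return included and not excluded


def lint(entries):
    """Return human-readable warnings for the common mistakes."""
    warnings = []
    for neg, net, host_bits_set in entries:
        if host_bits_set:
            warnings.append(
                "%s%s has host bits set; write the network, %s"
                % ("!" if neg else "", net.with_prefixlen, net)
            )
    positive = [net for neg, net, _ in entries if not neg]
    for block in RFC1918:
        # A client NATed from an uncovered private range is refused by Pluto.
        if not any(block.subnet_of(p) for p in positive):
            warnings.append(
                "%s is not fully allowed; clients behind a NAT using that "
                "range will be rejected" % block
            )
    return warnings


if __name__ == "__main__":
    for label, value in (("posted", POSTED_VIRTUAL_PRIVATE),
                         ("corrected", CORRECTED_VIRTUAL_PRIVATE)):
        ents = parse_virtual_private(value)
        print(label, "warnings:", lint(ents) or "none")
        for ip in ("192.168.0.5", "192.168.2.10", "192.168.1.50", "10.1.2.3"):
            print("  client %-13s accepted: %s" % (ip, client_accepted(ents, ip)))
```

Run it as a script to see the two values side by side: with the posted line, a Windows client that sits behind a home router handing out 192.168.2.x is not covered by 192.168.0.0/24 and is refused before l2tpd ever sees a packet, while the corrected line accepts it and still keeps the server's own 192.168.1.0/24 excluded.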


