[Openswan Users]
Martin Schläffer
schlaeff at sbox.tugraz.at
Fri Oct 14 20:48:19 CEST 2005
Hi,
Jacco de Leeuw wrote:
>
> How about inspecting that Windows 2003 log?
Ok, I've checked the log and further compared it with the log of a
connection with a Windows client and NAT.
When connecting with a Windows client, server and client both agree to use
Transport-Mode with NAT-T.
When connecting with Linux, Openswan tries to connect without using
NAT-T, which can be seen in the following message:
003 "iaik" #1: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negotiation
I think that somehow Openswan decides not to use NAT-T (maybe because
the router is capable of ipsec), but the Windows server expects NAT-T
because the client is behind a NAT device.
Therefore the Windows server tries to switch to tunnel mode, which can
be seen in the log.
When I try with tunnel mode the ipsec connection works, but the problem
then is that l2tp does not get a connection with the server!?
I've further found a patch for an older Openswan version to force NAT-T
with nat_traversal=force, but I cannot find a patch which applies to my
source.
Anyway, would forcing Openswan to use NAT-T solve my problem, or am I
completely wrong?
Martin