[Openswan Users] IPSec, Windows XP/2000 and Dead Peer Detection

Andrej Trobentar andrej.trobentar at rikom.si
Fri Oct 14 21:51:26 CEST 2005


Paul Wouters wrote:
>
> A new dr should be released today that addresses a bug on 2.4.31 kernels and
> NAT-T. Perhaps that will fix your problem.
> 
> Paul

The 2.4.2dr2 compiles without problems and my static tunnels work
without problems - with no changes to ipsec.conf! BUT my roadwarriors
don't work anymore :(

At the windows command prompt at a roadwarrior (no NAT):
"ping <internal_host>" works
"ping -l <anything greater than 487> <internal_host>" DOESN'T work

I have tried to decrease the MTU and MRU settings in options.l2tpd as
mentioned in the theme
"http://lists.openswan.org/pipermail/users/2005-September/006392.html",
but with no luck. Normal ping works, but if I increase the packet size I
don't get a response. So http browsing, ssh, telnet, ... don't work.
I couldn't test a roadwarrior behind NAT yet, but I guess the problem
would remain.

Test done on kernel 2.4.31, openswan 2.4.2dr2, l2tpd-0.69-13jdl (a new
SRPM sent to me by Jacco yesterday).

Any ideas?

--
Thanks,

	Andrej.