[Openswan Users] ipsec/l2tp with nat traversal

Paul Wouters paul at xelerance.com
Wed Apr 26 20:33:18 CEST 2006

On Wed, 26 Apr 2006, Trevor Benson wrote:

> OK, after being informed of the ipsec verify I have connected with the
> certificate I was using without l2tp previously and successfully get
> IPSec SA Established
> Now after this I get MS generic garbage error of 678.  I have brought up
> multiple sessions to the gateway, and tail -f /var/log/secure, eth0,
> ipsec0, eth1, and ran l2tpd -D and watched the server.

Did you set a lower than 1500 mtu on your external interface on the l2tp
server? Did you set mtu/mru to 1200 in the l2tpd.conf? Which l2tpd are
you running?

Also check Jacco's page: http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#Error624

> What I see is that the secure log shows SA Established.  Next I see
> packets on the tcpdump for eth0 using port 4500.  During this the
> tcpdump of ipsec0 doesn't show any packets at all

So you see ESPinUDP packets, but no decrypted packets. Check if this is not an MTU
