[Openswan Users] Help with ipsec/l2tpd and nat on client and server
Jacco de Leeuw
jacco2 at dds.nl
Mon Jul 10 13:33:39 CEST 2006
Chris Picton wrote:

> I am running a CentOS 3 server (RHEL3 equivalent), which uses the hybrid
> 2.4/2.6 kernel.

RHEL3 may not be a good choice:
http://lists.openswan.org/pipermail/users/2005-April/004382.html

> The server has been running for a while with natted clients, on
> openswan-utils-2.1.5, using the in-kernel ipsec implementation.
>
> However, the server is now behind a natting gateway, which has a port
> forward to forward all traffic to the server.

http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#serverNATed

You need to upgrade to 2.4.5 or install a patch for 2.1.5.

> conn L2TP-PSK
> authby=secret

PSK and NAT could be a source of problems. Certificates are recommended.

> rightsubnet=vhost:%no,%priv

I don't think rightsubnet is supported with PSKs. You should be able to
do without it. Are there no log messages rejecting the L2TP-PSK-nat conn?

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl