[Openswan Users] Help with ipsec/l2tpd and nat on client and
Jacco de Leeuw
jacco2 at dds.nl
Mon Jul 10 13:33:39 CEST 2006
Chris Picton wrote:
> I am running a CentOS 3 server (RHEL3 equivalent), which uses the hybrid
> 2.4/2.6 kernel.
RHEL3 may not be a good choice:
> The server has been running for a while with natted clients, on
> openswan-utils-2.1.5, using the in-kernel ipsec implementation.
> However, the server is now behind a natting gateway, which has a port
> forward to forward all traffic to the server.
You need to upgrade to 2.4.5 or install a patch for 2.1.5.
> conn L2TP-PSK
PSK and NAT could be a source of problems. Certificates are recommended.
I don't think rightsubnet is supported with PSKs. You should be able to
do without it. Are there no log messages rejecting the L2TP-PSK-nat conn?
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl