[Openswan Users] Help with ipsec/l2tpd and nat on client and server

Jacco de Leeuw jacco2 at dds.nl
Mon Jul 10 13:33:39 CEST 2006

Chris Picton wrote:

> I an running a centos 3 server (RHEL3 equivalent), which uses the hybrid
> 2.4/2.6 kernel.

RHEL3 may not be a good choice:

> The server has been running for a while with natted clients, on
> openswan-utils-2.1.5, using the in-kernel ipsec implementation.
> However, the server is now behind a natting gateway, which has a port
> forward to forward all traffic to the server.  

You need to upgrade to 2.4.5 or install a patch for 2.1.5.

> conn L2TP-PSK
>         authby=secret

PSK and NAT could be a source of problems. Certificates are recommended.

>         rightsubnet=vhost:%no,%priv

I don't think rightsubnet is supported with PSKs. You should be able to
do without it. Are there no log messages rejecting the L2TP-PSK-nat conn?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list