[Openswan Users] ipsec/l2tpd up but Terminal server Does not work

John Riley jriley at dsbscience.com
Fri Jun 9 17:28:45 CEST 2006


Federico wrote:

>Hello,
>
>I’m having a strange problem:
>Ipsec/l2tpd VPN starts correctly and I can ping from both sides. I can connect,
>for example, over ssh to my servers on the LAN.
>But when I try to make a Windows Terminal Service (WTS) connection to a server
>on the LAN, it doesn't work.
>Using tcpdump I can see (encrypted) packets go back and forth from VPN
>server to PC.... (I can also see the decrypted packets going in and out of
>eth1 (LAN).. WTS packets also... as if everything was ok...)
>So it seems that the Windows clients don't work.... but only for WTS
>packets...
> 
>
>I already tried to modify the MTU size in options.l2tpd, eth3 (VPN), eth1
>(LAN) but....
>
>I use the same l2tpd (0.70) and ipsec (2.2.0.8) versions as another VPN
>server (kernel 2.6.8) where everything works fine....
>The only difference with this is the linux kernel: 2.6.16
>Could you help me?
>Thank you in advance 
>
>=============================================
>Federico Viel
>  
>

I had a similar problem but on a VPN without l2tp (straight ipsec) 
getting to WTS via RDP. Our configuration was:

LAN (including 2003 server) --- Openswan Gateway - { Internet } - 
Roadwarriors, generally behind NAT.


Changing MTU on the Linux box did not solve the problem, but setting MTU 
on the Windows 2003 server fixed it. Before setting MTU on the 2003 box, 
we could connect any other protocol we tried (ssh, smb, pings, and a few 
others), and had no trouble connecting to an XP Pro box RDP on the same 
LAN segment as the 2003 box. Also, a Linux client (also behind NAT) 
could connect via RDP to the 2003 server, but the XP Pro clients (using 
lsipsectool) could not.

As I recall, the MTU had to be a rather low setting in the 1200's, and 
this was for VPN over DSL.

Don't know if this will help, but try setting the MTU on the 2003 server.

-- 
John S. Riley, Ph.D.
DSB Scientific Consulting
http://www.dsbscience.com 
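
One way to find an upper bound for the MTU to try on the 2003 server, added here as an example that is not part of the original thread: binary-search the largest don't-fragment ping that gets a reply through the tunnel. It assumes a Linux host with iputils `ping` on the far side of the VPN; the function names and the 500 to 1472 byte search range are choices made for this example.

```python
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set (iputils ping, Linux).

    Returns True only if a reply came back, i.e. the packet fit the path.
    """
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def largest_unfragmented_payload(probe, low=500, high=1472):
    """Binary-search the largest ICMP payload for which probe(size) is True.

    Assumes probe is monotonic (every size below a working size also works).
    Returns None if even `low` fails, e.g. the host is down or ICMP is filtered.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always progresses
        if probe(mid):
            low = mid        # mid fits: the answer is mid or larger
        else:
            high = mid - 1   # mid is too big: the answer is smaller
    return low


def path_mtu(probe, low=500, high=1472):
    """Largest IP packet size that crossed the path unfragmented, or None."""
    payload = largest_unfragmented_payload(probe, low, high)
    return None if payload is None else payload + IP_ICMP_HEADERS


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: pmtu.py <address reachable through the VPN>")
    target = sys.argv[1]
    mtu = path_mtu(lambda size: ping_df(target, size))
    print("no reply even at the smallest size" if mtu is None
          else "largest unfragmented IP packet: %d bytes" % mtu)
```

The result is only a ceiling measured with ICMP; the value that actually fixes RDP may need to be lower, as the reply above reports.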


