[Openswan Users] NAT-T

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Fri Mar 24 17:02:53 CET 2006


> Since your VPN server is behind NAT, it needs to receive port 500 and port 4500
> from your NAT router in front of it.
> 

The VPN server is on a public IP address.  Traffic is allowed in and out 
on both these ports.

>> NATD is as follows:
>>
>> pluto[2132]: "note"[1] XX.XXX.XXX.XX #6: STATE_QUICK_R2: IPsec SA established
>> {ESP=>0x60b11015 <0xeb54ec4a xfrm= 3DES_0-HMAC_MD5 NATD=XX.XX.XX.XX:4500 DPD=none}
> 
> Okay. That looks good. So it should work, at least for a single l2tp client.

You mean a single l2tp client behind *each* NAT device?  I get a 
successful connection and the client is successfully allocated an IP 
address but I don't see any encrypted traffic.

Thanks,

Olly.
