[Openswan Users] NAT-T & non-NAT clients

Paul Wouters paul at xelerance.com
Tue Mar 28 18:44:30 CEST 2006

On Tue, 28 Mar 2006, Oliver Tomkins wrote:

> think this is my last little problem.

>From what I understood from previous emails, it is not. Since you have
the issue of multiple l2tp connections from behind NAT.

> My non-NAT clients connect fine but when my NAT clients attempt to connect it
> seems to select the incorrect (non-NAT) connection definition - which fails
> with: cannot respond to IPsec SA request because no connection is known for
> When I have *just* the clients behind NAT in the ipsec.conf the connection
> works first time?

The example files for l2tpd in /etc/ipsec.d/examples should show this.

Use two seperate connections. eg do not use rightsubnet=vhost:%no,%priv, but
use one without rightsubnet, and one with rightsubnet=vhost:%priv .

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list