[Openswan Users] NAT-T & non-NAT clients
Paul Wouters
paul at xelerance.com
Tue Mar 28 18:44:30 CEST 2006
On Tue, 28 Mar 2006, Oliver Tomkins wrote:
> think this is my last little problem.
>From what I understood from previous emails, it is not. Since you have
the issue of multiple l2tp connections from behind NAT.
> My non-NAT clients connect fine but when my NAT clients attempt to connect it
> seems to select the incorrect (non-NAT) connection definition - which fails
> with: cannot respond to IPsec SA request because no connection is known for
>
> When I have *just* the clients behind NAT in the ipsec.conf the connection
> works first time?
The example files for l2tpd in /etc/ipsec.d/examples should show this.
Use two seperate connections. eg do not use rightsubnet=vhost:%no,%priv, but
use one without rightsubnet, and one with rightsubnet=vhost:%priv .
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list