[Openswan Users] l2tp + openswan in sarge

Paul Wouters paul at xelerance.com
Tue May 9 21:10:45 CEST 2006

On Tue, 9 May 2006, Stefan Denker wrote:

> On Tue, May 09, 2006 at 06:14:38PM +0200, Paul Wouters wrote:
> > Yes, this uses X.509 certificates. Using PSK in combination with NAT will
> > not work easilly and you shouldn't try it.
> Would you elaborate this please? It's clear to me you shouldn't do it
> cause all clients need to have the same PSK, but I thought, for testing
> purposes they might do...

Virtual IP code dealing with PSK+NAT is broken in 2.4.x. For X.509 it works
better, as long as you don't try multiple l2tp clients behind the same NAT or
with the same internal IP behind different NAT's.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list