[Openswan Users] win-xp (sp2) with nat-t not working with dsl

Paul Freeman paul.freeman at eml.com.au
Sun Nov 5 18:47:27 EST 2006

What is broken in xl2tpd v1.1.05?



EML Consulting Services Pty Ltd Telephone: +61 3 9836 1999
417-431 Canterbury Road Facsimile: +61 3 9836 0517
SURREY HILLS, VICTORIA 3127 Email: Paul.Freeman at eml.com.au

>-----Original Message-----
>From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
>Behalf Of Paul Wouters
>Sent: Monday, November 06, 2006 6:17 AM
>To: Gbenga
>Cc: users at openswan.org
>Subject: Re: [Openswan Users] win-xp (sp2) with nat-t not working with dsl
>On Sun, 5 Nov 2006, Gbenga wrote:
>
>> Apologies for coming back late on this, but it is still not working for
>> me. I have changed all the options I think were suggested on the
>> list without success. I've also upgraded to the latest xl2tpd (v1.1.05). No
>> success yet.
>
>Note that the 1.1.05 release is broken. We will release 1.1.06 on Monday.
>
>> It was mentioned somewhere by Jacco that he has never had luck using
>> kernel 2.6 with l2tpd - rw, so I have configured a kernel version
>> with all the necessary patches. I will report back on my adventure.
>
>We did not test NETKEY with xl2tpd.
>
>> One strange thing I noted in the auth.log is that: Nov  5 00:03:26 aparo
>> pluto[16992]: "l2tp-syseng"[4] #93: STATE_QUICK_R2: IPsec SA
>> established {ESP=>0x43f2cdc5 <0x02450523 xfrm=3DES_0-HMAC_MD5
>> NATD= DPD=none}
>
>> "NATD=" !!! this is pointing to a port other than 4500.
>
>The source port is a random high port on OSX and unpatched Windows XP
>machines. You will have to use rightprotoport=17/%any, but that might not
>exactly work either (this is a known bug we're working on).
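
The rightprotoport setting suggested in the quoted reply, shown in context as an added ipsec.conf sketch that is not part of the original thread. The conn name is taken from the log line quoted above; the server address (a documentation-range placeholder), the virtual_private ranges and the remaining options are assumptions for a typical Openswan L2TP/IPsec roadwarrior setup.

```conf
# Added example, not from the original thread. Addresses are placeholders.
version 2.0

config setup
    # Needed so pluto negotiates UDP encapsulation for clients behind NAT
    nat_traversal=yes
    # Private ranges clients may sit in behind their NAT device (assumed)
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn l2tp-syseng
    authby=secret
    pfs=no
    auto=add
    rekey=no
    # L2TP/IPsec uses transport mode; only the L2TP flow is protected
    type=transport

    # Server side: L2TP listens on UDP (protocol 17) port 1701
    left=192.0.2.1
    leftprotoport=17/1701

    # Client side: any address, possibly NATed
    right=%any
    rightsubnet=vhost:%no,%priv

    # A fixed client source port only matches clients that send L2TP
    # from UDP 1701:
    # rightprotoport=17/1701
    #
    # OSX and unpatched Windows XP use a random high source port, so the
    # selector has to accept any UDP source port from the peer:
    rightprotoport=17/%any
```

With 17/%any the policy accepts any UDP source port from the authenticated peer toward port 1701 on the server, so the listener on 1701 should be restricted to traffic that arrived through IPsec.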