[Openswan Users] l2tp pass-through

Paul Wouters paul at xelerance.com
Sun Apr 8 16:44:22 EDT 2007

On Sat, 7 Apr 2007, Jax wrote:

> Basically I have only one question:
> If I have a winxp l2tp/ipsec client on a nat do I need to forward any
> port to it for connecting to a vpns server which has public IP?

No. In fact, you should explicitely NOT do that.

> Without reading further documents I think it does not need anything for
> the client. It's an up to date sp2 which means it already has the NAT-T
> patch. IPSec in transport mode on the XP machine but it does not send a
> single packet I guess this has nothing to do with it. So it should go
> through on any router without portforwarding, right?

Yes. Check firewall settings. If it still fails to  send a packet (and you
are sure it is not the ISP filtering it before it hits the vpn server),
enable OAKLEY_LOG on windows to get a proper error message.


Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list