[Openswan Users] l2tp pass-through

Jax cybercorecentre at gmail.com
Wed Apr 11 07:19:35 EDT 2007


Paul Wouters wrote:
> On Sat, 7 Apr 2007, Jax wrote:
>
>   
>> Basically I have only one question:
>>
>> If I have a winxp l2tp/ipsec client on a nat do I need to forward any
>> port to it for connecting to a vpns server which has public IP?
>>     
>
> No. In fact, you should explicitly NOT do that.
>
>   
>> Without reading further documents I think it does not need anything for
>> the client. It's an up to date sp2 which means it already has the NAT-T
>> patch. IPSec in transport mode on the XP machine but it does not send a
>> single packet I guess this has nothing to do with it. So it should go
>> through on any router without portforwarding, right?
>>     
>
> Yes. Check firewall settings. If it still fails to send a packet (and you
> are sure it is not the ISP filtering it before it hits the vpn server),
> enable OAKLEY_LOG on windows to get a proper error message.
>
>   
Thanks, I figured out what it is, so I thought it could be useful for
the others. This pass-through thing doesn't do anything specific; it only sets up
an input rule for port 520, maybe for 4500, so nothing special, just open
the IPsec ports. In OpenWrt/DD-WRT you will meet with this.
> Paul
>
>   

Jax

