[Openswan Users] XL2TPD/Double NAT issue
vogt at spamcop.net
Sun Oct 14 08:32:23 EDT 2007
Gerald Vogt wrote:
>>> I guess, as I had major issues getting NET_KEY working in that kernel
>>> that made me give up on that and use KLIPS instead this issue could just
>>> as well be some other kind of kernel issue.
>> Yes, that would be the recommended solution. Though the nat-t patch is
>> still a pain to apply to the kernel....
> What is the recommended solution? Getting NET_KEY running?

I finally managed to get the kernel compiled with NET_KEY and the NAT-T
patch from openswan. The situation with NET_KEY is even worse than with
KLIPS: I cannot connect to the server behind the NAT router regardless
of whether the client is also behind a NAT router or not. With KLIPS it
does not work only when client and server are behind a NAT router.

With the NET_KEY the packets from the client just disappear on the
server. I can see them coming in with tcpdump. However, xl2tpd never
receives them. If I do an strace on the xl2tpd process I can see that it
only sits there and waits on the select.

Seems like I am really doomed. I would love to put the server on a
public IP but I can't. Most people who have to connect to the server
have their own NAT routers. Thus double NAT is the standard situation.

BTW, after various tests with different configurations I have noticed
that I only get it to work at all (i.e. single NAT and no NAT) if the
rightsubnet=vhost:%no,%priv is commented out like in my current config
below. After reading various docs I am a little bit confused whether I
have to add that line or not?