[Openswan Users] XL2TPD/Double NAT issue SOLVED!
Gerald Vogt
vogt at spamcop.net
Mon Oct 15 08:58:33 EDT 2007
Frank Schmirler wrote:
> On Mon, 15 Oct 2007 20:52:56 +0900, Gerald Vogt wrote
>> Now I start to wonder do you all really use this
>> DISABLE_UDP_CHECKSUM and fixed the syntax error or do you think it
>> is in there but in fact? Do you really see this message "UDP
>> checksum using NAT-OA disabled at compile time" in the klipsdebug output?
>
> Double checking... Ok - actually compiled and tested a 2.4.7 with the patch
> from bugtracking (#601). So never really tried 2.4.9, only verified that the
> patch is the same.
Compiling the fixed ipsec_rcv.c with DISABLE_UDP_CHECKSUM set solved the
problem. I know can connect to the server through double nat, single nat
and no nat. All with the same configuration file like the one attached
below. The rightsubnet is commented out. If I add it it does not work
anymore.
That was lot of work to get that going...
Happy,
Gerald
> version 2.0 # conforms to second version of ipsec.conf specification
>
> config setup
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.4.0/24
> dumpdir=/tmp
>
> conn L2TP-PSK
> authby=secret
> pfs=no
> left=%defaultroute
> leftprotoport=17/1701
> right=%any
> rightprotoport=17/%any
> #rightsubnet=vhost:%no,%priv
> auto=add
> keyingtries=3
> rekey=no
>
> include /etc/ipsec.d/examples/no_oe.conf
More information about the Users
mailing list