[Openswan Users] XL2TPD/Double NAT issue SOLVED!

Gerald Vogt vogt at spamcop.net
Mon Oct 15 08:58:33 EDT 2007


Frank Schmirler wrote:
> On Mon, 15 Oct 2007 20:52:56 +0900, Gerald Vogt wrote
>> Now I start to wonder do you all really use this 
>> DISABLE_UDP_CHECKSUM and fixed the syntax error or do you think it 
>> is in there but in fact? Do you really see this message "UDP 
>> checksum using NAT-OA disabled at compile time" in the klipsdebug output?
> 
> Double checking... Ok - actually compiled and tested a 2.4.7 with the patch
> from bugtracking (#601). So never really tried 2.4.9, only verified that the
> patch is the same.

Compiling the fixed ipsec_rcv.c with DISABLE_UDP_CHECKSUM set solved the 
problem. I now can connect to the server through double nat, single nat 
and no nat. All with the same configuration file like the one attached 
below. The rightsubnet is commented out. If I add it, it does not work 
anymore.

That was a lot of work to get that going...

Happy,

Gerald

> version	2.0	# conforms to second version of ipsec.conf specification
> 
> config setup
> 	nat_traversal=yes
> 	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.4.0/24
> 	dumpdir=/tmp
> 
> conn L2TP-PSK
> 	authby=secret
> 	pfs=no
> 	left=%defaultroute
> 	leftprotoport=17/1701
> 	right=%any
> 	rightprotoport=17/%any
> 	#rightsubnet=vhost:%no,%priv
> 	auto=add
> 	keyingtries=3
> 	rekey=no
> 
> include /etc/ipsec.d/examples/no_oe.conf


