[Openswan Users] Roadwarriors can't access network behind server despite successful IPsec SA
paul at xelerance.com
Tue Feb 5 14:22:03 EST 2008
On Tue, 5 Feb 2008, Ryan Cabell wrote:
> I'm trying to work out an issue that I've been struggling with for over a
> week now. I am trying to support roadwarrior clients (using Mac OS X)
> connecting to xl2tpd on an Openswan (2.4.10) server behind a NAT router.
> Some of these clients are using a customer's wireless network that does not
> allow access to port 4500, only UDP port 500 and ESP/AH, so I can't use
Then you cannot use IPsec.
> I finally got the IPsec handshake working by turning off NAT-T and enabling
> "IPsec Passthrough" on the gateway. However, clients can't access the L2TP
> server (or anything else) when connected.
ipsec passthrough will not work with more than one client - if you get it to
work at all in transport mode.
The fix is to allow port 4500. It's mandatory. Push it through or switch ISPs.