[Openswan Users] Roadwarriors can't access network behind server despite successful IPsec SA
rcabell at gmail.com
Tue Feb 5 15:21:48 EST 2008
Unfortunately, I have no control over the security policies on the wireless
network at the customer's facility, but on the plus side this network does
hand out un-NATed IPs.
I'll look into moving the L2TP/IPsec server to an exposed host on our end.
On Feb 5, 2008 12:22 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 5 Feb 2008, Ryan Cabell wrote:
> > I'm trying to work out an issue that I've been struggling with for over a
> > week now. I am trying to support roadwarrior clients (using Mac OS X)
> > connecting to xl2tpd on an Openswan (2.4.10) server behind a NAT router.
> > Some of these clients are using a customer's wireless network that does
> > allow access to port 4500, only UDP port 500 and ESP/AH, so I can't use
> > NAT-T.
> Then you cannot use IPsec.
> > I finally got the IPsec handshake working by turning off NAT-T and
> > "IPsec Passthrough" on the gateway. However, clients can't access the
> > server (or anything else) when connected.
> ipsec passthrough will not work with more than one client - if you get it
> to work at all in transport mode.
> The fix is to allow port 4500. It's mandatory. Push it through or switch
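As an added example that is not part of this thread, the Python below classifies constructed UDP port-4500 payloads according to RFC 3948 (NAT-T), so an administrator can confirm from a packet capture that not only IKE but also UDP-encapsulated ESP is actually passing through once UDP 4500 is opened. All datagrams, SPIs and cookies here are constructed sample values.

```python
import struct

# RFC 3948: on UDP 4500, a 4-byte zero "non-ESP marker" prefixes IKE,
# a single 0xFF byte is a NAT keepalive, anything else is ESP-in-UDP
# (ESP header = 4-byte SPI, 4-byte sequence number). SPI 0 is reserved,
# so the marker can never be mistaken for a real ESP packet.
NAT_T_PORT = 4500


def classify_nat_t_payload(payload: bytes) -> dict:
    """Return {'kind': 'keepalive'|'ike'|'esp'|'unknown', ...fields}."""
    if payload == b"\xff":
        return {"kind": "keepalive"}
    if len(payload) < 8:
        return {"kind": "unknown"}
    if payload[:4] == b"\x00\x00\x00\x00":
        ike = payload[4:]                     # ISAKMP header follows the marker
        if len(ike) < 28:                     # header is 28 bytes long
            return {"kind": "unknown"}
        ispi, rspi = struct.unpack("!QQ", ike[:16])
        return {"kind": "ike", "ispi": ispi, "rspi": rspi, "exchange": ike[18]}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}


def build_ike_datagram(ispi: int, rspi: int, exchange_type: int = 2) -> bytes:
    # Constructed: marker + minimal IKEv1 header (version 0x10, msgid 0, len 28)
    hdr = struct.pack("!QQBBBBII", ispi, rspi, 1, 0x10, exchange_type, 0, 0, 28)
    return b"\x00\x00\x00\x00" + hdr


def build_esp_datagram(spi: int, seq: int, body: bytes = b"\x00" * 16) -> bytes:
    return struct.pack("!II", spi, seq) + body   # constructed ESP-in-UDP packet


# Constructed capture: one keepalive, one IKE message, two ESP packets.
SAMPLE_DATAGRAMS = [
    b"\xff",
    build_ike_datagram(0x1111222233334444, 0x5555666677778888),
    build_esp_datagram(0x0A1B2C3D, 1),
    build_esp_datagram(0x0A1B2C3D, 2),
]


def summarize(datagrams):
    """Count datagram kinds and collect ESP SPIs; zero 'esp' means the SA
    negotiated fine but no data traffic is crossing the NAT."""
    counts = {"keepalive": 0, "ike": 0, "esp": 0, "unknown": 0}
    esp_spis = set()
    for d in datagrams:
        info = classify_nat_t_payload(d)
        counts[info["kind"]] += 1
        if info["kind"] == "esp":
            esp_spis.add(info["spi"])
    return counts, esp_spis


if __name__ == "__main__":
    print(summarize(SAMPLE_DATAGRAMS))
```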