[Openswan Users] l2tp/ipsec not working with nat?

Abraham Iglesias abraham.iglesias at genaker.net
Wed Jan 9 04:00:59 EST 2008


Hi Jacco,
congratulations on your excellent manuals. I had already updated the 
registry as you commented in the manual.
Moreover, I tested the line

leftnexthop=192.168.1.1

... with no success :(

 leftprotoport=17/0 


didn't work either. 

The thing is that when I try the connection from the Windows client, it establishes lots of roadwarrior connections in openswan. IPSEC SAs are established 20-25 times. Every time that an IPSEC SA is established, a new phase I starts again. Any ideas? :S


Besides, is there any alternative solution to using the native VPN client from Windows? I mean, another ipsec client or something that could interoperate with no problems with openswan? :S

Thanks!!!

-bram


Jacco de Leeuw wrote:
> Abraham Iglesias wrote:
>
>
>   
>> I'm trying to establish a l2tp/ipsec tunnel with windows xp sp2 and RHEL4 
>>   A.B.C.D (ADSL router which forwards all packets to 192.168.1.2)
>>     
>
> So the server is behind NAT. Did you apply the registry patch to XP?
> (http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#NAT-T)
>
>   
>> conn roadwarriors
>>         left=192.168.1.2
>>     
>
> You also need a leftnexthop=192.168.1.x (the internal IP address of
> the ADSL router).
>
>   
>>         leftprotoport=17/0
>>     
>
> Could you try with leftprotoport=17/1701? AFAIK the only clients that
> want leftprotoport=17/0 are non-updated Windows 2000/XP clients, and
> these don't support NAT-T anyway.
>
> Jacco
>   



