[Openswan Users] l2tp/ipsec not working with nat?
Abraham Iglesias
abraham.iglesias at genaker.net
Wed Jan 9 04:00:59 EST 2008
Hi Jacco,
congratulations on your excellent manuals. I had already updated the
registry as you commented in the manual.
Moreover, I tested the line
leftnexthop=192.168.1.1
... with no success :(
leftprotoport=17/0
didn't work either.
The thing is that when I try the connection from the Windows client, it establishes lots of roadwarrior connections in Openswan. IPsec SAs are established 20-25 times. Every time that an IPsec SA is established, a new phase I starts again. Any ideas? :S
Besides, is there any alternative solution to using the native VPN client from Windows? I mean, another IPsec client or something that could interoperate with no problems with Openswan? :S
Thanks!!!
-bram
Jacco de Leeuw wrote:
> Abraham Iglesias wrote:
>
>
>
>> I'm trying to establish an L2TP/IPsec tunnel with Windows XP SP2 and RHEL4
>> A.B.C.D (ADSL router which forwards all packets to 192.168.1.2)
>>
>
> So the server is behind NAT. Did you apply the registry patch to XP?
> (http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#NAT-T)
>
>
>> conn roadwarriors
>> left=192.168.1.2
>>
>
> You also need a leftnexthop=192.168.1.x (the internal IP address of
> the ADSL router).
>
>
>> leftprotoport=17/0
>>
>
> Could you try with leftprotoport=17/1701? AFAIK the only clients that
> want leftprotoport=17/0 are non-updated Windows 2000/XP clients, and
> these don't support NAT-T anyway.
>
> Jacco
>