[Openswan Users] L2TP problem... I think
Andrew Tolboe
tolboe at reaction-eng.com
Sun Mar 2 16:42:10 EST 2008
I have not changed the location of the server. The server is on our
firewall/router. It is possible that when I picked up those logs my
laptop was at a place where I was getting a public IP. But right now
I'm at home (behind a little router box). So the server is listening
right on the public IP, so there is no NAT-T on the server side, but it
is possible that the clients are behind NAT-T. Is this incorrect usage
of that setting? I did try adding that registry key to my laptop but
I'm getting the same results: it connects, does not receive anything,
and drops the link.

auth.log.0:Feb 28 19:03:05 firewall pluto[27318]: "l2tp-X.509"[3] 155.101.182.89 #4: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected

auth.log:Mar 2 14:18:33 firewall pluto[746]: "l2tp-X.509"[1] 155.97.239.238 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

Thanks for your time
-Andrew T.
Jacco de Leeuw wrote:
> Andrew Tolboe wrote:
>
>
>> Mar 2 12:17:48 firewall pluto[28954]: ERROR: asynchronous network error
>> report on br0 (sport=4500) for message to 155.97.239.238 port 4500,
>> complainant ***.***. 103.174: No route to host [errno 113, origin ICMP type
>> 3 code 1 (not authenticated)]
>>
>
> You must have changed something since the previous log snippet that you
> posted, because UDP port 4500 is only used when NAT is involved.
> What does "NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:"
> say? Did you move the server behind a NAT router? If so, did you remember
> to use leftnexthop and did you apply the registry patch to your Windows
> box if you use XP SP2 or higher?
>
> Jacco
>