[Openswan Users] Unable to connect to Openswan/L2TP from Sprint Wireless Broadband

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 4 07:33:54 EST 2008

Paul Wouters wrote:

> No, that means there IS filtering going on. Proto 50 filtering. with
> forceencaps, you will be sending UDP 4500 packets instead of proto 50 (ESP)
> packets.

Roberto's tcpdump on the server did contain this packet:

15:54:10.973291 IP > ESP(spi=0xb730f9c8,seq=0x31),
length 116

I know, tcpdumps on NETKEY are not reliable. A better idea is to sniff
with another computer between the client and the server. Or to use KLIPS.

Another method would be to try a Windows client. If ESP is indeed blocked,
then it will not work with Windows either.

However, if Sprint EVDO does not block ESP then it should have worked
with his backup dialup account as well. But it did not.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list