[Openswan Users] Unable to connect from behind NATed connection
Paul Wouters
paul at xelerance.com
Tue Aug 18 21:38:16 EDT 2009
On Wed, 19 Aug 2009, Leigh Sharpe wrote:
> I'm having a hell of a time getting an L2TP/IPSEC connection when my
> client is behind NAT.
> conn L2TP-PSK-NAT
> rightsubnet=vhost:%priv
> also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
I'd merge these into one conn
> authby=secret
> pfs=no
> auto=add
> keyingtries=3
keyingtries is not used with rekey=no
> # we cannot rekey for %any, let client rekey
> rekey=no
> type=transport
> #
> #left=%defaultroute
> # or you can use: left=YourIPAddress
> left=202.134.34.214
> leftnexthop=202.134.34.213
> # For updated Windows 2000/XP clients,
> # to support old clients as well, use leftprotoport=17/%any
> leftprotoport=17/1701
> #
> # The remote user.
> #
> right=%any
> # Using the magic port of "0" means "any one single port". This is
> # a work around required for Apple OSX clients that use a randomly
> # high port, but propose "0" instead of their port.
> rightprotoport=17/0
Use 17/%any instead,
and add: rightsubnet=vhost:%priv,%no
Also be sure to use openswan 2.4. openswan 2.6 has a bug that makes l2tp not work.
Paul
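For reference, here is the single merged conn that Paul's three suggestions add up to (drop the separate NAT conn, use 17/%any, add the vhost:%priv,%no subnet). This is an added example, not a file from the thread; the conn name is assumed, and the addresses are the ones quoted above.

```ini
# Merged L2TP/IPsec conn for roadwarriors, NATed or not.
# Assumption: conn name "L2TP-PSK" is our own; addresses come from the thread.
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    # we cannot rekey for %any, let the client rekey
    # (keyingtries is meaningless with rekey=no, so it is dropped)
    rekey=no
    type=transport
    left=202.134.34.214
    leftnexthop=202.134.34.213
    # L2TP on the server side is always UDP/1701
    leftprotoport=17/1701
    # The remote user: accept any source port, which covers
    # OSX clients that propose port "0" as well as Windows clients
    right=%any
    rightprotoport=17/%any
    # %priv  = client behind NAT, proposing a private virtual address
    # %no    = client not behind NAT, proposing no virtual address
    rightsubnet=vhost:%priv,%no
```

With both %priv and %no listed, one conn handles NATed and non-NATed clients, which is why the separate L2TP-PSK-NAT conn is no longer needed.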