[Openswan Users] Unable to connect from behind NATed connection
paul at xelerance.com
Tue Aug 18 21:38:16 EDT 2009
On Wed, 19 Aug 2009, Leigh Sharpe wrote:

> I'm having a hell of a time getting an L2TP/IPSEC connection when my
> client is behind NAT.

> conn L2TP-PSK-NAT
> conn L2TP-PSK-noNAT

I'd merge these into one conn

keyingtries is not used with rekey=no

> # we cannot rekey for %any, let client rekey
> # or you can use: left=YourIPAddress
> # For updated Windows 2000/XP clients,
> # to support old clients as well, use leftprotoport=17/%any
> # The remote user.
> # Using the magic port of "0" means "any one single port". This
> # a work around required for Apple OSX clients that use a
> # high port, but propose "0" instead of their port.

use 17/%any instead.

and add: rightsubnet=vhost:%priv,%no

also be sure to use openswan 2.4. openswan 2.6 has a bug that makes l2tp
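
The suggestions in the reply above, put together as a single conn. This is an added example, not the poster's configuration and not text from the thread; the conn name `L2TP-PSK`, the `config setup` section and every line marked ASSUMED are illustrative assumptions.

```conf
# /etc/ipsec.conf fragment (added example, Openswan syntax)

config setup
    # ASSUMED: NAT traversal must be enabled for clients behind NAT.
    nat_traversal=yes
    # ASSUMED: vhost:%priv in the conn below is matched against this
    # list, so it should cover the private ranges clients sit in.
    # Exclude the server's own LAN with a %v4:!<net>/<mask> entry.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

# One conn replacing the separate L2TP-PSK-NAT / L2TP-PSK-noNAT pair.
conn L2TP-PSK
    authby=secret            # ASSUMED from "PSK" in the conn names
    type=transport           # ASSUMED: usual mode for L2TP/IPsec
    auto=add                 # ASSUMED: wait for clients to initiate
    # The client rekeys, not the server. keyingtries is left out
    # because it is not used with rekey=no.
    rekey=no
    left=%defaultroute       # ASSUMED; or left=YourIPAddress
    leftprotoport=17/1701    # ASSUMED; 17/%any to support old clients
    right=%any
    # 17/%any instead of the "0" port workaround.
    rightprotoport=17/%any
    # %priv accepts clients NATed behind a virtual_private range,
    # %no accepts clients that are not behind NAT at all.
    rightsubnet=vhost:%priv,%no
```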