[Openswan Users] Unable to connect from behind NATed connection

Leigh Sharpe lsharpe at pacificwireless.com.au
Wed Aug 19 02:17:05 EDT 2009

Hi Paul, 
Changing leftprotoport has not made a difference.
Changing the version of openswan really isn't feasible for me here.
Ultimately, I need to put this on an existing Etch system, and apt-get
installs version 2.4.6. 

Oh, and rolling the two connections into one seems to have broken the
non-NATed scenario (I can't connect at all, even without NAT).


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Wednesday, 19 August 2009 2:07 PM
To: Leigh Sharpe
Cc: users at openswan.org
Subject: RE: [Openswan Users] Unable to connect from behind NATed

On Wed, 19 Aug 2009, Leigh Sharpe wrote:

> OK, so now I have:
> conn L2TP-PSK-noNAT

>         authby=secret
>         pfs=no
>         auto=add
>         rekey=no
>         type=transport
>         left=
>         leftnexthop=
>         # For updated Windows 2000/XP clients,
>         # to support old clients as well, use leftprotoport=17/%any
>         # leftprotoport=17/1701
>         leftprotoport=17/0

No, left is your end. Openswan always uses port 1701, so specify 17/1701.

>         right=%any
>         # Using the magic port of "0" means "any one single port". This is
>         # a work around required for Apple OSX clients that use a
>         # high port, but propose "0" instead of their port.
>         rightprotoport=17/%any
>         rightsubnet=vhost:%priv,%no

> Using Openswan Version 2.4.12

Please try and use 2.4.15. It contains various security fixes.

> And it's still doing the same thing.

Let me know if it is still broken after fixing the leftprotoport=

> Is there anything which my 3G provider could be doing which would
> cause this kind of thing?

Possibly, but I don't think we need to investigate that just now.

