[Openswan Users] Unable to connect from behind NATed connection
Leigh Sharpe
lsharpe at pacificwireless.com.au
Wed Aug 19 02:17:05 EDT 2009
Hi Paul,
Changing leftprotoport has not made a difference.
Changing the version of openswan really isn't feasible for me here.
Ultimately, I need to put this on an existing Etch system, and apt-get
installs version 2.4.6.
Oh, and rolling the two connections into one seems to have broken the
non-NATed scenario (I can't connect at all, even without NAT).
Leigh.
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, 19 August 2009 2:07 PM
To: Leigh Sharpe
Cc: users at openswan.org
Subject: RE: [Openswan Users] Unable to connect from behind NATed connection
On Wed, 19 Aug 2009, Leigh Sharpe wrote:
> OK, so now I have:
>
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     rekey=no
>     type=transport
>     left=202.134.34.214
>     leftnexthop=202.134.34.213
>     # For updated Windows 2000/XP clients,
>     # to support old clients as well, use leftprotoport=17/%any
>     # leftprotoport=17/1701
>     leftprotoport=17/0
No, left is your end. openswan always uses port 1701, so specify 17/1701
here.
>     right=%any
>     # Using the magic port of "0" means "any one single port". This is
>     # a work around required for Apple OSX clients that use a randomly
>     # high port, but propose "0" instead of their port.
>     rightprotoport=17/%any
>     rightsubnet=vhost:%priv,%no
> Using Openswan Version 2.4.12
Please try and use 2.4.15. It contains various security fixes.
> And it's still doing the same thing.
Let me know if it is still broken after fixing the leftprotoport=
setting.
> Is there anything which my 3G provider could be doing which would
> cause this kind of thing?
Possibly, but I don't think we need to investigate that just now.
Paul