[Openswan Users] NAT-T problem: l2tp replies return unencrypted from the server
Catalin Sanda
catalin.sanda at gmail.com
Sat Feb 14 19:47:50 EST 2009
Hello,
I have a setup with an XP SP3 client behind a NAT and a server
(openswan-2.6.19-1.fc10.i386) with a public IP. The IPsec connection is
established fine and the client is able to send L2TP packets to the xl2tpd
server through the tunnel, but the reply packets are not routed back through
the IPsec tunnel; instead they are sent unencrypted through the default
gateway and are dropped by the client's NAT router.
The configuration is a textbook road warrior setup, and the xl2tpd server
is set to listen on the public interface.
/etc/ipsec.conf:
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        oe=off
        # Enable this if you see "failed to find any available worker"
        #nhelpers=0

conn L2TP-PSK
        pfs=no
        authby=secret
        compress=no
        type=transport
        left=89.X.X.X
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        auto=add
I've seen this problem come up on the mailing list before, but no solution
was presented (or at least I couldn't find it). Any help would be greatly
appreciated and I'm willing to post any log that might help.
Thank you,
Catalin
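An added diagnostic for the symptom above; this is editor-supplied example code, not from the original post and not part of Openswan or xl2tpd. With protostack=netkey the kernel's XFRM security policy database decides whether an outgoing packet gets ESP-encapsulated: an inbound ("dir in") policy is enough to decrypt the client's L2TP packets, but xl2tpd's replies only go back inside the tunnel if a matching outbound ("dir out") transport-mode policy for UDP/1701 exists. If that entry is missing, the replies leave the public interface in clear, which is exactly what the poster sees. The script parses the text of `ip xfrm policy` (iproute2's SPD dump format) and reports whether such an outbound policy is present for a given server and peer address. The addresses are placeholders and the two dumps are constructed samples, not captures from the poster's box.

```shell
#!/bin/sh
# Check an `ip xfrm policy` dump for an outbound transport-mode policy
# covering the server's UDP/1701 replies to a given peer.
# Usage: ip xfrm policy | xfrm_out_policy_present SERVER_IP PEER_IP
# Prints "yes" or "no"; exit status 0 when the policy is present.
xfrm_out_policy_present() {
    awk -v srv="$1" -v peer="$2" '
        # A line starting with "src " begins a new policy selector.
        /^src / {
            want = (index($0, "src " srv "/32 dst " peer "/32") == 1 &&
                    $0 ~ / proto udp / && $0 ~ / sport 1701( |$)/)
            dirout = 0
            next
        }
        # Indented lines belong to the selector above: direction, then
        # the template that says esp + transport.
        want && /dir out/            { dirout = 1 }
        want && dirout && /mode transport/ { found = 1 }
        END { print (found ? "yes" : "no"); exit (found ? 0 : 1) }
    '
}

# Constructed sample 1: only the inbound policy for the peer exists,
# so the kernel will decrypt the client's packets but send replies in clear.
# (89.0.0.1 stands in for the server's public IP, 203.0.113.45 for the
# client's NAT router; both are placeholders.)
SAMPLE_MISSING_OUT='src 203.0.113.45/32 dst 89.0.0.1/32 proto udp sport 1701 dport 1701
	dir in priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16385 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main'

# Constructed sample 2: the same, plus the outbound policy that a working
# transport-mode connection installs.
SAMPLE_WITH_OUT='src 89.0.0.1/32 dst 203.0.113.45/32 proto udp sport 1701 dport 1701
	dir out priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16385 mode transport
src 203.0.113.45/32 dst 89.0.0.1/32 proto udp sport 1701 dport 1701
	dir in priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16385 mode transport'

# Demo on the constructed dumps; on a live server replace the sample with
# `ip xfrm policy` output (needs root).
printf 'sample without out policy: '
printf '%s\n' "$SAMPLE_MISSING_OUT" | xfrm_out_policy_present 89.0.0.1 203.0.113.45 || :
printf 'sample with out policy:    '
printf '%s\n' "$SAMPLE_WITH_OUT" | xfrm_out_policy_present 89.0.0.1 203.0.113.45 || :
```

If the live dump looks like the first sample while `ipsec auto --status` reports the connection as established, the missing piece is on the kernel side rather than in xl2tpd, and a `tcpdump -ni <public-if> udp port 1701` will show the replies leaving in plain text; if the outbound policy is there, look instead at whether the reply's source address and port actually fall inside that selector.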