[Openswan Users] NAT-T problem: l2tp replies return unencrypted from the server

Tuomo Soini tis at foobar.fi
Sun Feb 15 03:47:44 EST 2009

Catalin Sanda wrote:
> Hello,
> I have a setup with an XPSP3 client behind a NAT and a server
> (openswan-2.6.19-1.fc10.i386) with a public IP. The IPSec connection is
> established fine and the client is able to send l2tp packets to the
> xl2tpd server through the tunnel, but the reply packets are not routed
> back through the IPSec tunnel but instead they are sent unencrypted
> through the default gateway and are dropped by the client NAT router.
> The configuration is a textbook road warrior setup, and the xl2tpd
> server is set to listen on the public interface.

This is the last major functionality bug in the openswan-2.6.x series.

The problem is that openswan installs the wrong policy into the kernel.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
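
An added example, not part of the original message and not Openswan code: a check of whether the server's L2TP reply flow is covered by an outbound ESP policy, run here over constructed `ip xfrm policy` output. It assumes the NETKEY stack; all addresses are documentation or private ranges, and the sample policy is invented for illustration because the thread does not show the policy that was actually installed.

```python
import ipaddress
import re

# Constructed `ip xfrm policy` output (assumption: NETKEY stack). The outbound
# selector here names a private client address; this is an illustrative guess.
SAMPLE = """\
src 203.0.113.5/32 dst 192.168.1.20/32 proto udp sport 1701 dport 1701
\tdir out priority 2080 ptype main
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 16385 mode transport
src 192.168.1.20/32 dst 203.0.113.5/32 proto udp sport 1701 dport 1701
\tdir in priority 2080 ptype main
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 16385 mode transport
"""

# Selector lines start at column 0; template lines are indented.
SEL = re.compile(
    r"^src (\S+) dst (\S+)(?: proto (\S+))?(?: sport (\d+))?(?: dport (\d+))?")

def parse_policies(text):
    """Parse selector, direction and ESP template out of xfrm policy text."""
    policies = []
    for line in text.splitlines():
        m = SEL.match(line)
        if m:
            src, dst, proto, sport, dport = m.groups()
            policies.append({
                "src": ipaddress.ip_network(src, strict=False),
                "dst": ipaddress.ip_network(dst, strict=False),
                "proto": proto,
                "sport": sport and int(sport),
                "dport": dport and int(dport),
                "dir": None, "esp": False})
        elif policies:
            tok = line.split()
            if tok[:1] == ["dir"]:
                policies[-1]["dir"] = tok[1]
            elif tok[:2] == ["proto", "esp"]:
                policies[-1]["esp"] = True
    return policies

def covering_policy(policies, src, dst, proto, sport, dport):
    """Return the outbound ESP policy matching the flow, or None (cleartext)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if (p["dir"] == "out" and p["esp"] and s in p["src"] and d in p["dst"]
                and p["proto"] in (None, proto)
                and p["sport"] in (None, sport) and p["dport"] in (None, dport)):
            return p
    return None
```

A `None` result for the reply flow (server public address, UDP 1701, to the address the client's packets arrive from) means the kernel has no outbound policy for it and the reply will leave unencrypted via the default route.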
