[Openswan Users] NATed Windows XP SP3 L2TP/IPsec troubles

Tuomo Soini tis at foobar.fi
Fri Jan 29 17:20:19 EST 2010

Catalin Patulea wrote:
> Hi everyone,
> I am trying to set up a Linux L2TP/IPsec server for a (possibly NATed)
> roadwarrior Windows XP SP3 client. Here's my info:
> # ipsec --version
> Linux Openswan U2.6.22/K2.6.31-17-generic-pae (netkey)

Two things are needed to resolve this issue.

Upgrade to Openswan-2.6.24
change rightprotoport=17/%any

After these changes it should work.

> So I have some idea what the problem is (the xfrm rules are created
> with the client's internal NAT IP) but don't know how to solve it..
> any ideas?

That's called bug #1004 which is fixed in Openswan-2.6.24.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

More information about the Users mailing list