[Openswan Users] More than one user behind NAT device

Paul Wouters paul at xelerance.com
Thu Oct 27 12:48:40 EDT 2011


On Thu, 27 Oct 2011, Linden Varley wrote:

> The two patch files I applied to the debian 2.6.32 kernel were:
>
> openswan-2.6.36/patches/kernel/2.6.32/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch
> openswan-2.6.36/patches/kernel/2.6.32/0002-SAREF-implement-IP_IPSEC_BINDREF.patch
>
> They both have IP_IPSEC_REFINFO and IP_IPSEC_BINDREF set to 22/23
>
>
> openswan-2.6.36/include/ipsec_saref.h
>
> Also has IP_IPSEC_REFINFO and IP_IPSEC_BINDREF set to 22/23
>
>
> I have used xl2tpd 1.3.0 and xl2tpd 1.3.1 (with saref refinfo = 22) to no avail.
>
> xl2tpd starts up with:
>
> xl2tpd[6959]: Enabling IPsec SAref processing for L2TP transport mode SAs
> xl2tpd[6959]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
> xl2tpd[6959]: Setting SAref IP_IPSEC_REFINFO number to 22
> xl2tpd[6959]: This binary does not support kernel L2TP.
>
>
> But I don't think it's an xl2tpd issue as the connections never get past the initial ipsec connection.
>
> Thanks for your help so far, anything else I may be overlooking?

That all looks good....

Can you connect from behind that NAT router to aivd.xelerance.com, user test/test2, passwd test/test2,
PSK test? Maybe that NAT router is doing something strange?

Paul

