[Openswan Users] More than one user behind NAT device

Linden Varley Linden.Varley at lisasoft.com
Sun Oct 30 18:16:32 EDT 2011

Interesting, the same thing happens when I connect to aivd.xelerance.com. You're right, it must be the router doing something weird. I'll investigate further.

Thanks for the help
- Linden

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Friday, 28 October 2011 3:49 AM
To: Linden Varley
Cc: users at openswan.org
Subject: Re: [Openswan Users] More than one user behind NAT device

On Thu, 27 Oct 2011, Linden Varley wrote:

> The two patch files I applied to the debian 2.6.32 kernel were:
> openswan-2.6.36/patches/kernel/2.6.32/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch
> openswan-2.6.36/patches/kernel/2.6.32/0002-SAREF-implement-IP_IPSEC_BINDREF.patch
> They both have IP_IPSEC_REFINFO and IP_IPSEC_BINDREF set to 22/23
> openswan-2.6.36/include/ipsec_saref.h
> Also has IP_IPSEC_REFINFO and IP_IPSEC_BINDREF set to 22/23
> I have used xl2tpd 1.3.0 and xl2tpd 1.3.1 (with saref refinfo = 22) to no avail.
> xl2tpd starts up with:
> xl2tpd[6959]: Enabling IPsec SAref processing for L2TP transport mode SAs
> xl2tpd[6959]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
> xl2tpd[6959]: Setting SAref IP_IPSEC_REFINFO number to 22
> xl2tpd[6959]: This binary does not support kernel L2TP.
> But I don't think its an xl2tpd issue as the connections never get past the initial ipsec connection.
> Thanks for your help so far, anything else I may be overlooking?

That all looks good....

Can you connect from behind that NAT router to aivd.xelerance.com, user test/test2, passwd test/test2,
PSK test? Maybe that NAT router is doing something strange?


The contents of this email are confidential and may be subject to legal or professional privilege and copyright. No representation is made that this email is free of viruses or other defects. If you have received this communication in error, you may not copy or distribute any part of it or otherwise disclose its contents to anyone. Please advise the sender of your incorrect receipt of this correspondence.

More information about the Users mailing list