Openswan & NATed Windows XP
Hi,
I'm using Openswan+xl2tpd for IPSec/L2TP VPN. The setup works without a problem with Windows 7, OS X and Linux, but I have a very strange problem with Windows XP clients behind NAT (no problem with Windows XP that isn't behind NAT). My scenario is like this:
VPN server (Public IP - Keyphrase ipsec) <<>> Internet <<>> Client Modem/Router <<>> Client Computer(local IP)
When I restart openswan (IPSec service), Windows XP clients (behind NAT) can connect/disconnect normally, but after some clients with other operating systems connect/disconnect, Windows XP clients (behind NAT) can't connect and receive Error 679. It seems that they can't complete ipsec keyphrase negotiation and so there is no ipsec tunnel.
I searched and found endless threads about it. It seems that Microsoft changed something in the NAT-T implementation in Win XP. There are many fixes; some of them are about openswan and some of them about Win XP. I tried openswan versions from 2.6.12 .. 2.6.35. It seems that the more stable version is 2.6.24. Every time this problem happens, I have to restart the openswan server (that is not acceptable, but I haven't found any other solution yet). I also tried the Win XP solutions, but no luck at all.
My server: Debian Squeeze, kernel 2.6.32, Openswan 2.6.24, xl2tpd 1.2.6.
Windows XP clients are all SP3 and fully updated.
Do you have any suggestions about this?
Comments
Damn, this was like Chinese to me, but I found two links xDDD
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaja/rzajaudpencap.htm
http://en.wikipedia.org/wiki/NAT_traversal (says something about Ipsec)
Chinese
Thank you for the links.
I don't remember how many pages I read about NAT-T, freeswan & Win XP problems, but I still can't solve this problem.
I'll set up another server for Win XP clients only and see what happens after that.