Openswan & NATed Windows XP

mrm2005 Member
edited October 2011 in Help

Hi,
I'm using Openswan + xl2tpd for an IPsec/L2TP VPN. The setup works without a problem with Windows 7, OS X and Linux, but I have a very strange problem with Windows XP clients behind NAT (no problem with Windows XP that isn't behind NAT). My scenario is like this:

VPN server (Public IP - Keyphrase ipsec) <<>> Internet <<>> Client Modem/Router <<>> Client Computer (local IP)

When I restart Openswan (the IPsec service), Windows XP clients (behind NAT) can connect/disconnect normally, but after some clients with other operating systems connect/disconnect, Windows XP clients (behind NAT) can't connect and receive Error 679. It seems that they can't complete the IPsec keyphrase negotiation, so there is no IPsec tunnel.

I searched and found endless threads about it. It seems that Microsoft changed something in the NAT-T implementation in Win XP. There are many fixes; some of them are about Openswan and some of them are about Win XP. I tried Openswan versions from 2.6.12 .. 2.6.35. It seems that the more stable version is 2.6.24. Every time this problem happens, I have to restart the Openswan server (that is not acceptable, but I haven't found any other solution yet). I also tried the Win XP solutions, but no luck at all.

My server: Debian Squeeze, kernel 2.6.32, Openswan 2.6.24, xl2tpd 1.2.6.
Windows XP clients are all SP3 and fully updated.

Do you have any suggestions about this?
