Re: VPN (racoon) problem if client is behind NAT router

Hi Eric,

The scenario is: racoon is running on the server, which is not behind a NAT router, but the client is behind a NAT router (Dlink 624 router). The Dlink 624 is IPSEC forwarding capable and this option is enabled. If we remove the Dlink router from our scenario and plug the client into a direct link to the Internet (using the IP address used by the Dlink router), everything works fine.

I found some information about disabling "rp_filter". I did it on all interfaces, but the VPN still doesn't work if the client is behind a NAT router.

Thanks,
Anderson.


At 15:40 30/7/2007, Eric J. Feldhusen wrote:
Anderson Oliveira da Silva wrote:
> Hello folks,
>
> I've been trying to set up racoon in order to enable a VPN service to
> the following scenario: client behind NAT router (D-Link 624 Router) and
> server not behind NAT router. Client is WinXP default IPSec/L2TP client.
> Server is running racoon/l2tpd. Everything works fine if the client is
> not behind the NAT router. But l2tpd does not answer if the client is
> behind the NAT router.
>
> Here is the output presented by tcpdump in the server side when client
> is behind the NAT router:
>
> Does anyone know why the packets transported by ESP are not forwarded to
> l2tpd?

I don't have a racoon/l2tpd server setup, but I was looking into it and
I recall the racoon configuration requiring a flag, telling racoon it
was behind a NAT.  Sorry I can't remember the exact flag, but I haven't
set it up yet.

Eric

--
Eric Feldhusen
Network Administrator    http://www.remc1.org
eric@xxxxxxxxx
PO Box 270              (906) 482-4520  x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI  49930      (906) 370 6202 mobile

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

