Hi Eric,
The scenario is: racoon is running in the server
and is not behind a NAT router, but the client is
behind a NAT router (Dlink 624 router). Dlink 624
is IPSEC forwarding capable and this option is
enabled. If we remove Dlink router from our
scenario and plug the client to a direct link to
the Internet (using the IP address used by the
Dlink router), everything works fine.
I found some information concerning to disable
"rp_filter". I did it to all interfaces, but vpn
still doesn´t work if the client is behind a NAT router.
Thanks,
Anderson.
At 15:40 30/7/2007, Eric J. Feldhusen wrote:
Anderson Oliveira da Silva wrote:
> Hello folks,
>
> I´ve been trying to set up racoon in order to enable a VPN service to
> the following scenario: client behind NAT router (D-Link 624 Router) and
> server not behind NAT router. Client is WinXP default IPSec/L2TP client.
> Server is running racoon/l2tpd. Everything works fine if the client is
> not behind the NAT router. But l2tpd does not answer if the client is
> behind the NAT router.
>
> Here is the output presented by tcpdump in the server side when client
> is behind the NAT router:
>
> Does anyone know why the packets transported by ESP are not forwarded to
> l2tpd?
I don't have a racoon/l2tpd server setup, but I was looking into it and
I recall the racoon configuration requiring a flag, telling racoon it
was behind a NAT. Sorry I can't remember the exact flag, but I haven't
set it up yet.
Eric
--
Eric Feldhusen
Network Administrator http://www.remc1.org
eric@xxxxxxxxx
PO Box 270 (906) 482-4520 x239
809 Hecla St (906) 482-5031 fax
Hancock, MI 49930 (906) 370 6202 mobile
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
