Hi,

I have read some posts on that list about my problem, but I do not know how to solve it. I have the following configuration:

    WinXP L2TP Client (Internet) ---> Linux FW --> Win2K Server [RAS] (LAN)

If I disable IPsec on XP, on the Linux FW and on the RAS server, I can successfully connect from XP to the RAS server over L2TP using only this:

    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 1701 -j DNAT --to 192.168.0.111:1701

where eth1 is the Internet NIC in the Linux FW.

If I enable IPsec on XP and on Linux (openswan, kernel 2.4.27), while RAS still accepts only unencrypted packets, XP and the Linux FW connect over IPsec with no problem. The problem is, unencrypted packets don't reach the RAS server. AFAIK, I get unencrypted packets on the ipsec0 device, so I just transformed the previous rule into:

    iptables -t nat -A PREROUTING -i ipsec0 -p udp --dport 1701 -j DNAT --to 192.168.0.111:1701

But it does not work. The IPsec session between XP and Linux is established, but the RAS server times out. I suspect that my PREROUTING rule is causing me trouble...

Can anyone help?

Regards,
Davor