From: Alex Crow <acrow@in...> - 2007-04-24 15:50:08
Hi developers (are you there?),
Does anyone have any thoughts on the below yet? I'd hate to have to install Windows Server 2003 and expose it to the internet...
I have done a fair bit of research and it appears that WM5 devices should work with NAT-T and L2TP/IPSEC.
The hint I've had from the openl2tp developers is that something is not quite conformant with the NAT-T response coming back from the mobile device during renegotiation.
Immediately below is the text of a message I've had from James Chapman of Katalix (the openl2tp developers).
Thanks for these.
It looks like IPSec Phase 2 negotiation is failing in the WM5 case.
The logs are very similar until around line 1041 of wm5.messages. The
wm5 case gets a much smaller packet than the xp case and it doesn't
the nat-t params (see nptype= diffs in the log) that are present in the
The openl2tp debug trace confirms that the correct SPD rules are being
It might be worth posting this to the ipsec-tools list at
ipsec-tools.sf.net to ask for advice. It's probably best to filter out
the openl2tpd lines before posting since they wouldn't help people on
Katalix Systems Ltd
Catalysts for your Embedded Linux software development