From: Petr H. <pet...@me...> - 2004-07-20 12:12:36

Thanks for the advice. I've already managed to get the Windows client to connect over L2TP via a tunnel; the problem is that racoon doesn't use NAT-T. Windows is patched with the NAT-T for IPsec patch, ipsec-tools is 0.3.3 and the kernel is 2.6.7. nat_traversal is set to force, but there is no traffic on port 4500.

Thanks for any help.

On Mon, 19 July 2004 18:15, Lionel Fourquaux wrote:
> > Is racoon in its current version able to handle NAT-T for transport mode?
>
> That's the problem: afaik, NAT-T with transport mode is not implemented in
> racoon. According to what I've found on the web, there are complex security
> problems with this setup. Implementing it securely appears to be rather
> difficult.
>
> As a workaround, you can try to use L2TP over IPsec in tunnel mode. There
> is a registry setting that prevents the Windows L2TP client from modifying
> the IPsec policy. (It's described somewhere in the MS knowledge base.) Then
> you can set up IPsec manually, in tunnel mode, between the L2TP client and
> server. Possibly, you won't even need L2TP.
>
> Hope this helps,
>
> -- Lionel Fourquaux
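For readers of the archive: the following racoon.conf is an added example, not Petr's or Lionel's configuration, showing where the nat_traversal setting discussed above lives and what else has to be in place for UDP/4500 traffic to appear. It assumes ipsec-tools was built with --enable-natt and that the kernel has NAT-T (UDP encapsulation) support; the PSK path, algorithms and the "anonymous" road-warrior peer are placeholders for illustration.

```conf
# Added example (not from the thread): minimal racoon.conf for ipsec-tools 0.3.x
# accepting a road-warrior peer with a pre-shared key and NAT-T forced on.
# Assumptions: racoon built with --enable-natt, kernel NAT-T support present,
# /etc/racoon/psk.txt contains the peer's identity and key.

path pre_shared_key "/etc/racoon/psk.txt";

# "debug" shows the NAT-T vendor ID and NAT-D payload exchange in phase 1;
# turn it down once the negotiation is working.
log debug;

remote anonymous {
        exchange_mode main;
        passive on;             # wait for the Windows client to initiate

        # on    = use NAT-T only when a NAT is detected via NAT-D payloads
        # off   = never
        # force = always switch to UDP/4500 encapsulation, NAT detected or not
        nat_traversal force;

        # Install the SPD entry the client proposes instead of requiring a
        # matching pre-configured policy; convenient for dynamic client addresses.
        generate_policy on;
        proposal_check obey;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo anonymous {
        # No pfs_group: the Windows L2TP/IPsec client does not propose PFS by default.
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

Two checks a practitioner would run with this in place. First, `tcpdump -ni eth0 udp port 500 or udp port 4500` on the server: if both sides advertise NAT-T, ISAKMP moves from port 500 to 4500 after the NAT-D payloads and the ESP traffic then shows up as UDP-encapsulated packets on 4500; if nothing ever reaches 4500, either racoon was not built with NAT-T or the peer did not advertise it. Second, bear in mind Lionel's caveat: with racoon of this era, NAT-T only applies to tunnel-mode SAs, while the Windows L2TP client by default installs a transport-mode policy for UDP/1701. The registry setting Lionel refers to is the REG_DWORD ProhibitIpSec = 1 under HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters, which stops RasMan from creating that automatic policy so that a tunnel-mode policy can be configured manually on the client to match the server.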