29.09.2011 16:30, YASUOKA Masahiko wrote:
On Mon, 26 Sep 2011 15:20:50 +0200
Martin Poulsen<mar...@dividebyzero.dk>  wrote:
I have been playing around a little with the npppd daemon having set up a
L2TP server for test and learning purposes. The connection is running in
an IPsec tunnel and it works great and runs very fine when used on a
local network.

But I'm having problems when it comes to NAT.

This is my setup:

client (Windows XP) ---- NAT ----- internet ----- OpenBSD (public IP)

npppd L2TP/IPsec with NAT-T is not supported yet.

We need 3 more hacks.

   1. support FQDN identifier type on isakmpd
   2. ignore UDP checksum to pass L2TP messages.  (checksums are broken
      by IPsec transport mode)
   3. npppd must be able to send a L2TP message to different peer
      behind NAT by socket API.  (API is not fixed yet.)

1. and 2. are `just do it' tasks.  But 3. may take time.
I'll start to discuss this on tech@.

Thanks,

--yasuoka


Do you have any progress in that?
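
Added example, not part of the original thread and not npppd or isakmpd code: it shows why item 2 in the list above arises. The client computes the inner UDP checksum over a pseudo-header containing its private address, ESP transport mode protects that UDP header so the NAT can rewrite only the outer IP source, and the server then verifies against the translated address. All addresses and the 12-byte L2TP header are constructed sample values.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero, protocol 17 (UDP), UDP length
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Sender side: the checksum covers the addresses the sender itself sees."""
    length = 8 + len(payload)
    no_csum = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = ~ones_sum(pseudo_header(src, dst, length) + no_csum) & 0xFFFF
    csum = csum or 0xFFFF  # 0 on the wire is reserved for "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def verify_udp(src, dst, segment: bytes) -> bool:
    """Receiver side: the checksum is checked against the addresses it sees."""
    (field,) = struct.unpack("!H", segment[6:8])
    if field == 0:  # IPv4 UDP: sender did not compute a checksum
        return True
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

# Constructed sample values (assumptions, not taken from the thread).
CLIENT_PRIVATE = "192.168.1.10"  # address the client computes the checksum with
NAT_PUBLIC = "203.0.113.5"       # source address the server sees after NAT
SERVER = "198.51.100.1"
L2TP_HEADER = bytes.fromhex("c802000c0000000000000000")  # constructed control header

def demo():
    inner = build_udp(CLIENT_PRIVATE, SERVER, 1701, 1701, L2TP_HEADER)
    # ESP protects `inner`, so the NAT rewrites only the outer IP source.
    return (verify_udp(CLIENT_PRIVATE, SERVER, inner),  # no NAT in the path
            verify_udp(NAT_PUBLIC, SERVER, inner))      # behind NAT

if __name__ == "__main__":
    print(demo())
```

The second result is the failure the list describes: the decapsulated L2TP datagram is intact, but its checksum no longer matches the addresses the server sees.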
