On Tue, 29 Sep 2015, Nicolas THIBAUT wrote: Added a CC: of the mailing list.
I’m currently trying to setup a VPN through L2TP over IPsec, I have a question regarding NAT compatibility (I haven’t found the answer neither your website nor in you wiki). With the latest release of Libreswan (3.15), is it necessary to create a connection especially for NAT like the first one below?
I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but there were problems with that and people did often use two conns/
conn L2TP-PSK-NAT leftsubnet=vhost:%no rightsubnet=vhost:%priv also=L2TP-PSK
You should not use vhost: in the leftsubnet part like you did below. If you do not need to support Windows XP, you should consider dropping L2TP/IPsec and move to "Cisco mode" (AKA XAUTH) https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH Paul
conn L2TP-PSK type=transport authby=secret auto=add # pfs=no rekey=no # dpddelay=30 dpdtimeout=300 dpdaction=clear # left=%defaultroute leftprotoport=udp/l2tp # right=%any rightprotoport=udp/%any Thanks a lot for your time, I hope you can help me! Regards __ Nicolas THIBAUT [email protected] http://dev2lead.com
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
