Package: openswan Version: 2.3.0-2 Severity: important Tags: patch >From http://www.jacco2.dds.nl/networking/freeswan-l2tp.html - Section 19.2
Currently there is a problem when the Openswan server itself is behind NAT (or when both the client and the server are behind NAT). The Openswan team was notified of this problem by Bernd Galonska http://lists.openswan.org/pipermail/users/2005-February/003927.html. It was not fixed in Openswan 2.3.1 although that version fixed several other NAT-T problems. In the mean time, you could use Bernd's preliminary patch which I have modified slightly so that it applies cleanly to Openswan 2.3.0 http://www.jacco2.dds.nl/networking/patches/openswan-2.3.0-NATserver.patch and 2.3.1 http://www.jacco2.dds.nl/networking/patches/openswan-2.3.1-NATserver.patch respectively. P.S. maybe the new upstream version 2.3.1 should be used at the same time? -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (650, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (i586) Kernel: Linux 2.4.26-1-586tsc Locale: LANG=en_ZA, LC_CTYPE=en_ZA (charmap=ISO-8859-1) Versions of packages openswan depends on: ii bind9-host [host] 1:9.2.4-1 Version of 'host' bundled with BIN ii bsdmainutils 6.0.17 collection of more utilities from ii debianutils 2.8.4 Miscellaneous utilities specific t ii devfsd 1.3.25-19 Daemon for the device file system ii gawk 1:3.1.4-2 GNU awk, a pattern scanning and pr ii iproute 20041019-3 Professional tools to control the ii ipsec-tools 1:0.5.1-1 IPsec tools for Linux ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libgmp3 4.1.4-6 Multiprecision arithmetic library ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii makedev 2.3.1-77 creates device files in /dev ii openssl 0.9.7e-3 Secure Socket Layer (SSL) binary a -- debconf information: openswan/existing_x509_key_filename: * openswan/x509_state_name: Western Cape * openswan/rsa_key_length: 2048 * openswan/restart: true * openswan/start_level: earliest * openswan/enable-oe: false * openswan/existing_x509_certificate: false openswan/existing_x509_certificate_filename: * openswan/create_rsa_key: true * openswan/x509_email_address: [EMAIL PROTECTED] * openswan/x509_country_code: ZA * openswan/x509_self_signed: false * openswan/x509_organizational_unit: * openswan/x509_locality_name: Cape Town * openswan/x509_common_name: vpn.darkskies.za.net * openswan/rsa_key_type: x509 * openswan/x509_organization_name: darkskies -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
