Re: NPPPD/L2TP IPsec problems

YASUOKA Masahiko Sun, 18 Dec 2011 18:57:08 -0800

Hi,

On Fri, 16 Dec 2011 15:38:14 +0200
lilit-aibolit <[email protected]> wrote:
> 29.09.2011 16:30, YASUOKA Masahiko P?P8QP5Q:
>> On Mon, 26 Sep 2011 15:20:50 +0200
>> Martin Poulsen<[email protected]>  wrote:
>>> This is my setup:
>>>
>>> client (Windows XP) ---- NAT ----- internet ----- OpenBSD (public IP)
>>
>> npppd L2TP/IPsec with NAT-T is not supported yet.
>>
>> We need 3 more hacks.
>>
>>    1. support FQDN identifier type on isakmpd
>>    2. ignore UDP checksum to pass L2TP messages.  (checksums is broken
>>       by IPsec transport mode)
>>    3. npppd must be able to send a L2TP message to different peer
>>       behind NAT by socket API.  (API is not fixed yet.)
>>
>> 1. and 2. are `just do it' task.  But 3. may take time.
>> I'll start to discuss this on tech@.
> 
> Do you have any progress in that?


1. and 2. are fixed in -current.  Now *one* Windows box from behind a
NAT box can connect npppd.

Please wait about 3.  (Multiple clients still can not connect npppd
from behind the same NAT box.)

--yasuoka

Re: NPPPD/L2TP IPsec problems

Reply via email to