All times are UTC [ DST ]




 Post subject: Multiple Win 7 clients behind same NAT
PostPosted: Thu May 31, 2012 5:44 pm 

Joined: Thu May 31, 2012 4:52 pm
Posts: 1
Hello!

I'm setting up L2TP/IPSEC with ipsec-tools/racoon. I have multiple Win XP and Win 7 clients behind the same NAT and only one can connect to the server at a time.

It was written in the openl2tp install guide:

For configurations where there are multiple L2TP/IPSec clients behind a NAT gateway at one or more remote sites, additional kernel and ipsec-tools patches are needed. Ipsec-tools patch makes racoon send more info to the kernel for supporting ephemeral ports.

In one of the topics on the forum it was written that Win 7 doesn't support UDP ephemeral port negotiation.

viewtopic.php?f=3&t=65

I've tested it myself with Win XP and Win 7. Win XP connected to the server with the ephemeral port configuration, but Win 7 connected only with the option our_udp_port=1701.

So, is it possible to connect multiple Win 7 clients to L2TP/IPSEC after patching, or would it work only with Win XP clients?

The patches in the openl2tp sources are quite old and there are a lot of conflicts with the new version of ipsec-tools. Are there any new ones?


 Post subject: Re: Multiple Win 7 clients behind same NAT
PostPosted: Mon Jul 16, 2012 8:53 am 
Site Admin

Joined: Sun Jul 27, 2008 1:39 pm
Posts: 126
Dmitriy wrote:
Hello!

I'm setting up L2TP/IPSEC with ipsec-tools/racoon. I have multiple Win XP and Win 7 clients behind the same NAT and only one can connect to the server at a time.

It was written in the openl2tp install guide:

For configurations where there are multiple L2TP/IPSec clients behind a NAT gateway at one or more remote sites, additional kernel and ipsec-tools patches are needed. Ipsec-tools patch makes racoon send more info to the kernel for supporting ephemeral ports.

In one of the topics on the forum it was written that Win 7 doesn't support UDP ephemeral port negotiation.

viewtopic.php?f=3&t=65

I've tested it myself with Win XP and Win 7. Win XP connected to the server with the ephemeral port configuration, but Win 7 connected only with the option our_udp_port=1701.

So, is it possible to connect multiple Win 7 clients to L2TP/IPSEC after patching, or would it work only with Win XP clients?

The patches in the openl2tp sources are quite old and there are a lot of conflicts with the new version of ipsec-tools. Are there any new ones?

I have heard of similar issues with Win7. Look for magic Windows registry settings in Win7 (though they might not exist for this).
There are no ipsec patch updates - I believe they are no longer required for more recent kernels. I suggest you try replacing racoon with openswan, but make sure the setkey tool is also installed.

