openl2tp.org
http://forums.openl2tp.org/

Multiple Windows XP clients behind same NAT device possible?
http://forums.openl2tp.org/viewtopic.php?f=3&t=28
Page 1 of 1

Author:  neoxite [ Wed Mar 31, 2010 12:44 pm ]
Post subject:  Multiple Windows XP clients behind same NAT device possible?

Hello,
I'm considering switching our corporate VPN solution to utilizing OpenL2TP.

I understand OpenL2TP supports multiple L2TP clients behind the same NAT device using ephemeral ports (on either the client or the server side?)

My question: Can this feature be used on the LNS side to support multiple Windows XP IPsec/L2TP clients behind the same NAT interface (using the native MS L2TP client)?

From my understanding this is not possible, as Windows expects both client and server side ports to be 1701.

Thank you for clarifying this!

Author:  jchapman [ Thu Apr 01, 2010 1:07 pm ]
Post subject:  Re: Multiple Windows XP clients behind same NAT device possible?

neoxite wrote:
Hello,
I'm considering switching our corporate VPN solution to utilizing OpenL2TP.

I understand OpenL2TP supports multiple L2TP clients behind the same NAT device using ephemeral ports (on either the client or the server side?)

OpenL2TP by default will use ephemeral ports on both client and server sides. It can also be configured to use fixed ports on either side. The default is usually fine if the peer wants to use a fixed port.
Quote:
My question: Can this feature be used on the LNS side to support multiple Windows XP IPsec/L2TP clients behind the same NAT interface (using the native MS L2TP client)?

From my understanding this is not possible, as Windows expects both client and server side ports to be 1701.

Is that true? I've seen a Windows XP box use an ephemeral source port when using its standard L2TP/IPSec client.

However, the biggest problem might be the NAT gateway in the client network - few seem to handle IPSec well - NAT-T support seems to be quite varied.

Have you considered OpenVPN for this? It is much more NAT friendly.

Page 1 of 1 All times are UTC [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/