Re: VPN (racoon) problem if client is behind NAT router



Hi Eric,

The scenario is: racoon is running on the server, which is not behind a NAT router, but the client is behind a NAT router (D-Link 624 router). The D-Link 624 is IPsec-forwarding capable and this option is enabled. If we remove the D-Link router from our scenario and plug the client into a direct link to the Internet (using the IP address used by the D-Link router), everything works fine.

I found some information concerning disabling "rp_filter". I did it on all interfaces, but the VPN still doesn't work if the client is behind a NAT router.

Thanks,
Anderson.


At 15:40 30/7/2007, Eric J. Feldhusen wrote:
Anderson Oliveira da Silva wrote:
> Hello folks,
>
> I've been trying to set up racoon in order to enable a VPN service to
> the following scenario: client behind NAT router (D-Link 624 Router) and
> server not behind NAT router. Client is WinXP default IPSec/L2TP client.
> Server is running racoon/l2tpd. Everything works fine if the client is
> not behind the NAT router. But l2tpd does not answer if the client is
> behind the NAT router.
>
> Here is the output presented by tcpdump in the server side when client
> is behind the NAT router:
>
> Does anyone know why the packets transported by ESP are not forwarded to
> l2tpd?

I don't have a racoon/l2tpd server setup, but I was looking into it and
I recall the racoon configuration requiring a flag, telling racoon it
was behind a NAT. Sorry I can't remember the exact flag, but I haven't
set it up yet.

Eric

--
Eric Feldhusen
Network Administrator http://www.remc1.org
eric@xxxxxxxxx
PO Box 270 (906) 482-4520 x239
809 Hecla St (906) 482-5031 fax
Hancock, MI 49930 (906) 370 6202 mobile

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
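The flag Eric is thinking of is racoon's NAT traversal (NAT-T) setting. Without it, the client's ESP packets arrive at the server with the NAT router's rewritten source address and no UDP encapsulation, so the kernel cannot match them to a security association and nothing is ever handed to l2tpd. The following racoon.conf fragment is an added example, not configuration from either poster; the server address 203.0.113.10, the PSK file path and the proposal choices are assumptions to adjust for your own setup.

```conf
# /etc/racoon/racoon.conf (added example, not from the thread)
path pre_shared_key "/etc/racoon/psk.txt";

listen {
    # IKE on udp/500 plus the NAT-T port udp/4500 on the server's public address
    isakmp 203.0.113.10 [500];
    isakmp_natt 203.0.113.10 [4500];
}

remote anonymous {
    exchange_mode main;
    # Negotiate NAT-T with peers that are behind a NAT, so ESP is
    # UDP-encapsulated on udp/4500 instead of sent as raw IP protocol 50
    nat_traversal on;
    # Let racoon install the transport-mode policy for the NATed peer,
    # whose address is not known in advance
    generate_policy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous {
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

With NAT-T negotiated, a tcpdump on the server should show the client's traffic as UDP on port 4500 rather than as ESP, so the server's firewall has to permit udp/500, udp/4500 and, for the L2TP payload, udp/1701.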

