IPSEC/L2tp passthrough help....

Discussion in 'Tomato Firmware' started by paped, Nov 7, 2008.

  1. paped

    paped LI Guru Member

    Can anybody help? As part of some training stuff and personal interest I am setting up an IPsec/L2TP based VPN to my home PC using the Openswan server on CentOS Linux. However, I am getting to the point of pulling my hair out, as I seem to have a problem with forwarding/passthrough on my WRT54GL Tomato-based router.

    Basically I am using a Windows XP laptop with SP2 plus the MS registry change for NAT-T (set to level 2), and the Openswan server is also set up for NAT-T. Now, when I connect to the server's LAN IP address (laptop also on the LAN) the connection works fine, so I am pretty sure that the laptop/server config is fine. But as soon as I try to connect via my DynDNS domain and via the WRT, I get L2TP error 792 - basically the connection has timed out.

    On the router I have ports 500 and 4500 forwarded to my VPN server, and the router logs say that traffic has been forwarded, but on the server in the logs I just get lots of "invalid" type errors. It is as if the traffic is being forwarded but either some form of passthrough is not working correctly or the protocol (50, I think) is not coming across correctly, thus the packets are being mangled into something unusable? Also NAT-T does not seem to be seeing the Linksys as a NAT system, hence this could also be a problem, as the Linux server logs show the connection as not being NAT'ed.

    Thus my ultimate questions here are....
    1) Has anybody else got this type of set-up working and could give me some pointers as to what could be wrong and how to fix it?
    2) Do I need to enable VPN passthrough somewhere in the router? I cannot see a GUI tick box, but I am wondering if I need to do something at a CLI IP filters level?
    3) The Openswan docs mention that forwarding protocol 50 (ESP, I think) and possibly 51 (AH) may be needed - can the WRT forward protocols, and if yes, how? Again I would presume a bit more IP filters stuff may be needed on this one....

    Basically any help is appreciated, as with it working internally to my network I am so close to getting this working that it is very frustrating that I am probably missing something really obvious that I need to do on the router......
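Question 3 asks how a Tomato router can forward the ESP and AH protocols (not ports) alongside UDP 500/4500. Tomato runs iptables, so the following added example (not code from the thread or from the Tomato project) shows the firewall-script rules that do this; it assumes the Openswan host sits at the placeholder address 192.168.1.10 and that the WAN interface name comes from nvram's wan_iface (vlan1 as a fallback when nvram is unavailable).

```shell
#!/bin/sh
# Added example: Tomato "Firewall" script lines that pass IKE, NAT-T, ESP and AH
# from the WAN to an internal Openswan host. Assumptions: VPN server at
# 192.168.1.10 (placeholder) and WAN interface from nvram wan_iface (fallback vlan1).

# Emit or apply the rules for one server/WAN-interface pair. Setting IPTABLES=echo
# turns this into a dry run that prints the rule arguments instead of loading them.
ipsec_passthrough_rules() {
  srv="$1"
  wan="$2"
  ipt="${IPTABLES:-iptables}"

  # IKE (UDP 500) and NAT-T (UDP 4500): ordinary port forwards, same as GUI entries.
  for port in 500 4500; do
    $ipt -t nat -A PREROUTING -i "$wan" -p udp --dport "$port" -j DNAT --to-destination "$srv"
    $ipt -A FORWARD -i "$wan" -p udp -d "$srv" --dport "$port" -j ACCEPT
  done

  # ESP (50) and AH (51) are IP protocols, not ports, so they need their own DNAT.
  # Numeric protocol numbers avoid depending on /etc/protocols on the router.
  # Once NAT-T is negotiated, ESP travels inside UDP 4500, so these two rules only
  # carry traffic when NAT-T is not in use.
  for proto in 50 51; do
    $ipt -t nat -A PREROUTING -i "$wan" -p "$proto" -j DNAT --to-destination "$srv"
    $ipt -A FORWARD -i "$wan" -p "$proto" -d "$srv" -j ACCEPT
  done
}

# Sanity check from the router shell: how many rules would a dry run load?
ipsec_rule_count() {
  ( IPTABLES=echo; ipsec_passthrough_rules "$1" "$2" ) | wc -l | tr -d ' '
}

# Run as "sh script.sh apply" on the router to load the rules for real.
if [ "${1:-}" = "apply" ]; then
  wan_if="$(nvram get wan_iface 2>/dev/null || echo vlan1)"
  ipsec_passthrough_rules "${VPN_SERVER:-192.168.1.10}" "$wan_if"
fi
```

Run it once with IPTABLES=echo to see the exact rules before pasting them into Administration > Scripts > Firewall.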