Network Configuration:

Client (Private IP) -> Wireless Router (NAT-DHCP) -> I-Net -> Router
(STATIC IP)

Client: Windows XP Pro, using built in VPN system

Server:
Linux Kernel Version: 2.6.19
Iptables Version: 1.3.5
Raccoon ipsec-tools Version: 0.6.6
- product linked OpenSSL 0.9.8d
l2tpd version 0.69

Using NetKey and raccoon is compiled with NAT-T Support.

Raccoon ipsec negotiations 1/2 both go ok. Keys are built using
correct IP addresses as per NAT-T and setkey -DP show correct keys.

tcpdump shows inbound l2tp packets from client over ESP link, however
return packets from l2tpd does not pass though ESP link
(Unencrypted).

Secondly (Which I think is my own stupidity), if I block UDP port 1701
packets on my inbound WAN connection the firewall will not allow them
over ESP or the NAT-T port.

I've read that the 2.6.x kernel is broken for this setup, however all
these posts were from 2004 era and no bug reports exist on kernel.org
or netfilter bugzillas.

Any Help/Direction?

Thanks,
Jay Kendall