<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.6944.0">
<TITLE>RE: [Openswan Users] no l2tp traffic with NATed client</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText68365 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2># cat
/proc/sys/net/ipv4/conf/all/rp_filter<BR> 1</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2># ifconfig</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>eth0 Link
encap:Ethernet HWaddr
00:05:5D:7D:20:A4<BR> inet
addr:xxx.xxx.xxx.118 Bcast:xxx.xxx.xxx.119
Mask:255.255.255.252<BR>
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:4893730 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:4616053 errors:0 dropped:0 overruns:0
carrier:0<BR> collisions:0
txqueuelen:1000<BR> RX
bytes:1571449947 (1.4 GiB) TX bytes:1296615961 (1.2
GiB)<BR> Interrupt:19 Base
address:0xdc80</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>eth1 Link
encap:Ethernet HWaddr
00:05:5D:7D:20:A5<BR> inet
addr:yyy.yyy.1.250 Bcast:yyy.yyy.1.0
Mask:255.255.255.0<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:9625821 errors:0 dropped:237 overruns:0
frame:0<BR> TX
packets:11478671 errors:0 dropped:0 overruns:0
carrier:0<BR> collisions:0
txqueuelen:1000<BR> RX
bytes:1583891271 (1.4 GiB) TX bytes:2055686988 (1.9
GiB)<BR> Interrupt:20 Base
address:0xdc00</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial
size=2>lo Link encap:Local
Loopback<BR> inet
addr:127.0.0.1
Mask:255.0.0.0<BR> UP
LOOPBACK RUNNING MTU:16436
Metric:1<BR> RX
packets:182417 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:182417 errors:0 dropped:0 overruns:0
carrier:0<BR> collisions:0
txqueuelen:0<BR> RX
bytes:274783836 (262.0 MiB) TX bytes:274783836 (262.0 MiB)</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org on behalf of
Ivan Lopez<BR><B>Sent:</B> Fri 03/06/2005 12:21<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> RE: [Openswan Users] no l2tp traffic with
NATed client<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>rp_filter?</FONT> <BR><FONT size=2>ifconfig statistics for your
interfaces?</FONT> <BR><FONT size=2>Best Regards.</FONT> <BR><FONT
size=2>Ivan</FONT> </P>
<P><FONT size=2>-----Original Message-----</FONT> <BR><FONT size=2>From: Neil
Ballantyne [<A href="mailto:Neil@liquide.uk.com">mailto:Neil@liquide.uk.com</A>]
</FONT><BR><FONT size=2>Sent: Friday, 03 June 2005 5:13</FONT>
<BR><FONT size=2>To: becker@informatik.uni-oldenburg.de; Norman
Rasmussen</FONT> <BR><FONT size=2>CC: Openswan Users Mlist</FONT> <BR><FONT
size=2>Subject: RE: [Openswan Users] no l2tp traffic with NATed client</FONT>
</P><BR>
<P><FONT size=2>Am using 26sec in 2.6 kernel so no ipsec0 interface...
</FONT></P>
<P><FONT size=2>> -----Original Message-----</FONT> <BR><FONT size=2>>
From: Steffen Becker [<A
href="mailto:becker@informatik.uni-oldenburg.de">mailto:becker@informatik.uni-oldenburg.de</A>]</FONT>
<BR><FONT size=2>> Sent: 01 June 2005 15:48</FONT> <BR><FONT size=2>> To:
'Norman Rasmussen'; Neil Ballantyne</FONT> <BR><FONT size=2>> Cc: 'Openswan
Users Mlist'</FONT> <BR><FONT size=2>> Subject: RE: [Openswan Users] no l2tp
traffic with NATed client</FONT> <BR><FONT size=2>> </FONT><BR><FONT
size=2>> Hi,</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>>
> > For ref, the rule I'm using to forward traffic in to the</FONT>
<BR><FONT size=2>> > l2tp server is:</FONT> <BR><FONT size=2>> >
> </FONT><BR><FONT size=2>> > > iptables -t nat -A PREROUTING -i
eth0 -p udp --sport 1701</FONT> <BR><FONT size=2>> > --dport 1701</FONT>
<BR><FONT size=2>> > > -j DNAT --to-destination xxx.xxx.xxx.xxx</FONT>
<BR><FONT size=2>> </FONT><BR><FONT size=2>> There is an error: you have
to use the ipsec interface. Change</FONT> <BR><FONT size=2>> "-i eth0" to "-i
ipsec0".</FONT> <BR><FONT size=2>> From the cited HowTo:</FONT> <BR><FONT
size=2>> </FONT><BR><FONT size=2>> # make VPN server reachable</FONT>
<BR><FONT size=2>> /sbin/iptables -t nat -A PREROUTING -i ipsec0 \</FONT>
<BR><FONT size=2>> -p udp --sport 1701 --dport
1701 \</FONT> <BR><FONT size=2>> -j DNAT
--to-destination &lt;address-of-VPN-server&gt;</FONT> <BR><FONT size=2>>
</FONT><BR><FONT size=2>> Cheers,</FONT> <BR><FONT size=2>> Steffen</FONT>
<BR><FONT size=2>> </FONT><BR><FONT size=2>>
--------------------------------------------------------------</FONT> <BR><FONT
size=2>> ----------</FONT> <BR><FONT size=2>> Dipl. Wirtsch. Inform.
Steffen Becker, DFG Junior Research</FONT> <BR><FONT size=2>> Group
"Palladio", Fk 2, Department of Computing Science, </FONT><BR><FONT size=2>>
Software Engineering Group CvO Universität Oldenburg / OFFIS, </FONT><BR><FONT
size=2>> Escherweg 2, D-26121 Oldenburg</FONT> <BR><FONT size=2>> Email:
becker@informatik.uni-oldenburg.de</FONT> <BR><FONT size=2>> URL: <A
href="http://se.informatik.uni-oldenburg.de">http://se.informatik.uni-oldenburg.de</A></FONT>
<BR><FONT size=2>> Voice: +49 441 9722-582 (-501, secr.) Fax: +49 441
9722-502</FONT> <BR><FONT size=2>>
--------------------------------------------------------------</FONT> <BR><FONT
size=2>> ----------</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>>
</FONT><BR><FONT size=2>_______________________________________________</FONT>
<BR><FONT size=2>Users mailing list</FONT> <BR><FONT size=2>Users@openswan.org
<A
href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A></FONT>
</P></DIV>
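<DIV>
<P><FONT size=2>Added example, not written by any poster in this thread: with the 2.6 kernel's native IPsec stack there is no ipsec0 interface to match on, so the code below prints the thread's DNAT rule restricted by the iptables policy match to packets that arrived through IPsec, together with rules that drop udp/1701 arriving unprotected. The function name l2tp_rules and the server address 192.0.2.10 are assumptions made for illustration; the commands are printed for review, not applied.</FONT></P>
<PRE>
```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands; applies nothing.
# Assumption: NETKEY/26sec stack, where decrypted packets re-enter on the
# physical interface and are told apart by the IPsec policy match, not by ipsec0.

# l2tp_rules WAN_IF L2TP_SERVER  (hypothetical helper)
# Prints one iptables command per line; returns 1 on malformed arguments.
l2tp_rules() {
    wan_if=$1
    server=$2
    # Accept only a plain interface name and a dotted IPv4 address, so the
    # printed commands stay safe to review and hand to a shell.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $server in ''|*[!0-9.]*) return 1 ;; esac

    match="-i $wan_if -p udp --sport 1701 --dport 1701"
    # The DNAT rule from the thread, limited to packets decapsulated by IPsec.
    echo "iptables -t nat -A PREROUTING $match -m policy --dir in --pol ipsec -j DNAT --to-destination $server"
    # L2TP that reached the box without IPsec protection is dropped.
    echo "iptables -A INPUT -i $wan_if -p udp --dport 1701 -m policy --dir in --pol none -j DROP"
    echo "iptables -A FORWARD -i $wan_if -p udp --dport 1701 -m policy --dir in --pol none -j DROP"
}

# Constructed sample values: eth0 as the outside interface, 192.0.2.10 as the
# L2TP server (documentation address range).
l2tp_rules eth0 192.0.2.10
```
</PRE>
</DIV>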
</BODY>
</HTML>