Maybe this has nothing to do with xl2tpd.<br><br>I know that l2tp/ipsec will use transport mode. However, I managed to run the server in tunnel mode and let a Linux client (using openswan + xl2tpd) connect to the server; it works.<br>
<br>Then, when I change from tunnel mode to transport, the connection failed (the ipsec tunnel is still up, but it never goes to l2tp).<br><br>Again, I ran tcpdump on the mast0 interface and found that in transport mode, the destination address of packets from the client has been changed to the internal address of the server. Thus I think that even if this packet can go to l2tpd, it will never go back to the client, because the client never knows the server's internal address.<br>
<br>On clientA:<br>ping GW (S.111.111.111)<br>========================================================================<br>22:53:28.841232 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 1, length 64<br>
22:53:29.838744 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 2, length 64<br>22:53:30.840031 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 3, length 64<br>
22:53:31.843266 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 4, length 64<br>========================================================================<br><br>By the way, I added this line to my previous config to make it work in tunnel mode:<br>
=============================<br>leftsubnet=S.111.111.111/32 #public IP of the gw<br>=============================<br><br>and added the public IP as an alias interface:<br><br>ip addr add S.111.111.111/32 dev eth0 label eth0:0<br>
<br>I don't know why in transport mode the dst IP changed to the l2tp/ipsec GW's internal IP; the tcpdump when using tunnel mode shows the public IP (S.111.111.111) and that works fine.<br><br><div class="gmail_quote">
2011/7/28 Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
On Thu, 28 Jul 2011, Curu Wong wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Now I am testing ipsec/l2tp with the server itself behind NAT. Here's the new network topology:<br>
<br>
clientA(192.168.9.106)----->clientGWA(A.111.111.111)-------->Server GW(S.111.111.111)------>l2tp/ipsec GW(192.168.11.19)<br>
</blockquote>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><div class="im">
But nothing happens to xl2tpd. The log just stops at this line:<br>
======================================================<br>
Jul 28 14:38:13 tvpn xl2tpd[1660]: Listening on IP address 0.0.0.0, port 1701<br>
</div></blockquote>
<br>
Specify the real IP address in listen-addr, do not let it default to ANY.<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br>
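The two checks this thread turns on, as an added Python example that is not code from the thread or from xl2tpd: classifying the destination addresses in a tcpdump capture to spot client packets that arrive at the gateway's NAT-internal address instead of the public one (in transport mode the ESP payload carries no inner IP header, so the only header left after decapsulation is the one the NAT rewrote), and checking whether an xl2tpd.conf leaves listen-addr at its ANY default as Paul warns against. It assumes the masked public address S.111.111.111 and the internal address 192.168.11.19 from the topology above; the capture lines and the xl2tpd.conf are constructed samples.

```python
import configparser
import re

TCPDUMP_RE = re.compile(r"^\S+ IP ([^\s:]+) > ([^\s:]+): (.*)$")  # "IP src > dst: ..." lines

# Constructed sample: two of the tcpdump lines quoted in the thread (clientA pinging
# the gateway's public address, captured on the l2tp/ipsec GW in transport mode).
SAMPLE_CAPTURE = """\
22:53:28.841232 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 1, length 64
22:53:29.838744 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id 53249, seq 2, length 64
"""

# Constructed sample xl2tpd.conf with listen-addr left unset, so xl2tpd binds ANY.
SAMPLE_XL2TPD_CONF = """\
[global]
port = 1701
; listen-addr not set: xl2tpd logs "Listening on IP address 0.0.0.0"
[lns default]
ip range = 192.168.12.2-192.168.12.254
local ip = 192.168.12.1
"""


def parse_capture(text):
    """Return (src, dst) pairs for every 'IP a > b:' line in a tcpdump capture."""
    pairs = []
    for line in text.splitlines():
        m = TCPDUMP_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def classify_destinations(text, public_ip, internal_ip):
    """Count packets by destination: the GW's public address (what the client sent to),
    its NAT-internal address (the thread's transport-mode symptom), or anything else."""
    counts = {"public": 0, "internal": 0, "other": 0}
    for _src, dst in parse_capture(text):
        key = "public" if dst == public_ip else "internal" if dst == internal_ip else "other"
        counts[key] += 1
    return counts


def listen_addr_problem(conf_text):
    """Diagnosis string if xl2tpd would bind ANY (Paul's point), None if a real IP is set."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    addr = cp.get("global", "listen-addr", fallback=None)
    if addr is None or addr.strip() in ("", "0.0.0.0"):
        return "listen-addr unset or 0.0.0.0: set it to the GW's real IP address"
    return None
```

Running classify_destinations(SAMPLE_CAPTURE, "S.111.111.111", "192.168.11.19") reports both sample packets as "internal", which is exactly the rewritten-destination pattern seen in the capture above.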