[Openswan dev] Openswan 2.4.0rc4 instability with L2TP

Dmitriy ddmk at r66.ru
Fri Aug 26 22:57:23 CEST 2005

openswan without nat - NOT WORK
In this test no virtual ip settings in config (i used ipsec.conf.no_nat from 
All used IP can be concerned public, NAT is turned off in this config.
You can compare openswan log to strongswan in this configuration.
Same config used for both, same kernel ,same l2tpd.

I don't know why OpenSwan do not work in such simple case.(may be config 
incompatibility ?)
strange error - [can't send packet - network is unreachable] appears in 
openswan log, but not appears in strongswan log.
ERROR: asynchronous network error report on eth0 (sport=500) for message to port 500, complainant No route to host [errno 113, 
origin ICMP type 3 code 1 (not authenticated)]

----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <dev at openswan.org>
Sent: Friday, August 26, 2005 9:47 PM
Subject: Re: [Openswan dev] Openswan 2.4.0rc4 instability with L2TP

> Dmitriy wrote:
>> I test on two kernel versions with NAT-T openswan patch  and 
>> without results:
>> on kernel without NAT-T patch
>>    openswan without nat - NOT WORK
> That can't be right (unless something significant has changed in the
> NETKEY support of the latest 2.6.12 kernels). This should work fine.
>> more detail result in attachments
> You should use public IP addressses on external interfaces and private
> addresses on the internal ones. Then you exclude these internal subnets
> in virtual_private.
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl 

More information about the Dev mailing list