[Openswan dev] Openswan 2.4.0rc4 instability with L2TP
Dmitriy
ddmk at r66.ru
Fri Aug 26 22:57:23 CEST 2005
openswan without nat - NOT WORK
In this test there are no virtual IP settings in the config (I used ipsec.conf.no_nat from
logs.tar.bz2).
All IPs used can be considered public; NAT is turned off in this config.
You can compare the openswan log to the strongswan log in this configuration.
The same config was used for both, same kernel, same l2tpd.
I don't know why Openswan does not work in such a simple case (maybe a config
incompatibility?).
A strange error - [can't send packet - network is unreachable] - appears in the
openswan log, but does not appear in the strongswan log.
ERROR: asynchronous network error report on eth0 (sport=500) for message to
192.168.3.2 port 500, complainant 192.168.2.2: No route to host [errno 113,
origin ICMP type 3 code 1 (not authenticated)]
----- Original Message -----
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <dev at openswan.org>
Sent: Friday, August 26, 2005 9:47 PM
Subject: Re: [Openswan dev] Openswan 2.4.0rc4 instability with L2TP
> Dmitriy wrote:
>
>> I test on two kernel 2.6.12.5 versions with NAT-T openswan patch and
>> without results:
>>
>> on kernel without NAT-T patch
>> openswan without nat - NOT WORK
>
> That can't be right (unless something significant has changed in the
> NETKEY support of the latest 2.6.12 kernels). This should work fine.
>
>> more detail result in attachments
>
> You should use public IP addresses on external interfaces and private
> addresses on the internal ones. Then you exclude these internal subnets
> in virtual_private.
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl