[Openswan Users] "IPsec SA established" but ESP onlt in one direction

Jacco de Leeuw jacco2 at dds.nl
Thu Aug 26 19:38:32 CEST 2004

perr wrote:

> I configured Openswan on debian linux.
> Access is through certificates for L2TP over IPsec.

> NAT'ting router

> In this case I see again "IPsec SA established", but ESP packets flow only from
> the NAT'ting router public address to VPN gateway public address, and no packet
> go to the opposite direction!!!!
> l2tpd DOES NOT any log, as if incoming packets were discarded.

Are you using the 26sec backport in Debian? I could not get l2tpd to
work with 26sec on kernel 2.6 when there was NAT involved. I don't
know yet what is going on. Reportedly, rp-l2tp does not have this

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list