[Openswan Users] "IPsec SA established" but ESP onlt in one direction

Marco Perrando perr at com.dist.unige.it
Fri Aug 27 11:10:57 CEST 2004

Quoting Jacco de Leeuw <jacco2 at dds.nl>:

> perr wrote:
> > I configured Openswan on debian linux.
> > Access is through certificates for L2TP over IPsec.
> > NAT'ting router
> > In this case I see again "IPsec SA established", but ESP packets flow only
> from
> > the NAT'ting router public address to VPN gateway public address, and no
> packet
> > go to the opposite direction!!!!
> >
> > l2tpd DOES NOT any log, as if incoming packets were discarded.
> Are you using the 26sec backport in Debian? I could not get l2tpd to
> work with 26sec on kernel 2.6 when there was NAT involved. I don't
> know yet what is going on. Reportedly, rp-l2tp does not have this
> problem.

I compiled and installed rp-l2tp, and run it in total debugging (-f -d 65535),
but the problem remains!
I see only ESP packets flowing in one direction, and no line written by l2tpd....

I also turned off all firewalls rules, and put a 0 in all rp_filter file of all
interfaces (also default and all), but nothing changed.

It is possible to tell pluto to send its unencrypted traffic somewhere in order
to check what the client is sending to the server? I continue to see those ESP
packets wondering what's hidden inside them!!!

Thank you for your attention.


This mail sent through IMP: http://horde.org/imp/

More information about the Users mailing list