[Openswan Users] Tunnels come up, but not all traffic goes through

Jacco de Leeuw jacco2 at dds.nl
Sat Jun 12 16:10:26 CEST 2004


Herbert Xu wrote:

> Depends on what you're using the PREROUTING chain for.  If it's to
> perform packet authorisation then it will work correctly.  If you're
> trying to DNAT traffic coming out of an IPsec tunnel then it will NOT
> work.

The idea is to bind the L2TP daemon to localhost or an internal interface.
So when IPsec is down and there is no firewall, the daemon is not exposed
on the external interface. I don't particularly care how this is achieved,
as long as it's safe and it works. It worked with DNAT on ipsec0. If there
is another way to do this, I'd be interested to know.

> However the NAT issue is being addressed and there are already patches
> that you can obtain which resolve the problem.

Any idea if these patches will be in the mainstream soon?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
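
Added example, not part of the original message: a check that UDP port 1701 (L2TP) is bound only to loopback or an internal address, which is the condition the message describes. It parses text in the /proc/net/udp layout; the sample rows and the 192.168.1.0/24 internal subnet are constructed assumptions, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

L2TP_PORT = 1701  # UDP port used by L2TP

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:06A5 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1111 2 0000000000000000 0
   1: 00000000:06A5 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 2222 2 0000000000000000 0
   2: 0A01A8C0:06A5 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 3333 2 0000000000000000 0
   3: 00000000:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4444 2 0000000000000000 0
"""


def parse_udp_sockets(text):
    """Return [(IPv4Address, port)] for each socket row in /proc/net/udp text."""
    socks = []
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-endian 32-bit word
        # (assumption: little-endian host, e.g. x86).
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        socks.append((ip, int(hex_port, 16)))
    return socks


def exposed_l2tp_binds(text, allowed_nets=("127.0.0.0/8",), port=L2TP_PORT):
    """Return local addresses where `port` is bound outside allowed_nets.

    A wildcard bind (0.0.0.0) is always reported: it listens on every
    interface, including the external one, when no firewall is loaded.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_nets]
    exposed = []
    for ip, p in parse_udp_sockets(text):
        if p != port:
            continue
        if ip.is_unspecified or not any(ip in net for net in allowed):
            exposed.append(str(ip))
    return exposed


if __name__ == "__main__":
    # 192.168.1.0/24 is a hypothetical internal subnet.
    print(exposed_l2tp_binds(SAMPLE_PROC_NET_UDP,
                             ("127.0.0.0/8", "192.168.1.0/24")))
```

On a live host, pass the contents of /proc/net/udp instead of the sample; an empty result means the daemon is not listening on an external or wildcard address.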

