[Openswan Users] Openswan + L2TP

Jacco de Leeuw jacco2 at dds.nl
Thu Aug 11 14:45:10 CEST 2005


Marcos Ferreira da Silva wrote:

> But I don't understand how the connection will be made with client L2TP
> if I don't have any port 1701 on external interface.
>
> My l2tpd.conf:
> [global]
> listen-addr = 192.168.99.1

This should be your external address if you are using NETKEY.
That is why there is currently no daemon to UDP 1701 on the
external address.

If you are using KLIPS you do not have to change this line but
you will have to forward the packets to the internal address
with iptables.

> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

Your 192.168.1.x addresses may be conflicting with this.
I suggest you change them to something that is not in RFC 1918,
e.g. 1.1.1.1 and 1.1.1.2. You also need to add the following to
your virtual_private line:

   ,%v4:!192.168.99.0/24

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
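
Added example, not part of the original message and not Openswan code: a small checker that parses a virtual_private value and shows the effect of appending the %v4:!192.168.99.0/24 exclusion suggested above. It assumes an address counts as virtual only if it falls in an included range and in no excluded range; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private value into (included, excluded) IPv4 networks."""
    included, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {item!r}")  # this sketch handles %v4 only
        spec = item[len("%v4:"):]
        target = excluded if spec.startswith("!") else included
        target.append(ipaddress.ip_network(spec.lstrip("!"), strict=True))
    return included, excluded

def accepted_as_virtual(addr, value):
    """True if addr is inside an included range and outside every excluded range (assumed model)."""
    ip = ipaddress.ip_address(addr)
    included, excluded = parse_virtual_private(value)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in included)

def uncovered_overlaps(local_subnet, value):
    """Included ranges that overlap the gateway's own subnet with no exclusion covering it."""
    local = ipaddress.ip_network(local_subnet)
    included, excluded = parse_virtual_private(value)
    if any(local.subnet_of(ex) for ex in excluded):
        return []
    return [net for net in included if net.overlaps(local)]

# Value quoted in the message, and the same value with the suggested exclusion appended.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
FIXED = ORIGINAL + ",%v4:!192.168.99.0/24"
LOCAL_SUBNET = "192.168.99.0/24"  # subnet of listen-addr 192.168.99.1, /24 taken from the exclusion

if __name__ == "__main__":
    for label, value in (("original", ORIGINAL), ("fixed", FIXED)):
        overlaps = [str(n) for n in uncovered_overlaps(LOCAL_SUBNET, value)]
        print(f"{label}: uncovered overlaps with {LOCAL_SUBNET}: {overlaps}")
        # Constructed sample client addresses, not taken from the thread.
        for client in ("192.168.99.50", "192.168.5.10", "10.1.2.3"):
            verdict = "accepted" if accepted_as_virtual(client, value) else "rejected"
            print(f"  {client}: {verdict}")
```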

