[Openswan Users] L2TP over IPsec over WLAN for OS-X, Panther and others ...

Alan Whinery whinery at hawaii.edu
Fri Jul 22 08:24:15 CEST 2005


Hi guys,

I'm between jet-lagging back from Vancouver last night and heading for 
Kauai for the weekend, so I'm a little out of touch.

These days, my tun0 interface on the operational machine is using the 
bind address. It would be interesting to see one iteration of a 
connection attempt in your pluto log messages.

Alan

>------------------------------
>
>Message: 2
>Date: Fri, 22 Jul 2005 08:55:38 +0200
>From: Beat Zahnd <beat.zahnd at phim.unibe.ch>
>Subject: Re: [Openswan Users] L2TP over IPsec over WLAN for OS-X
>	Panther and others ...
>To: Jacco de Leeuw <jacco2 at dds.nl>, users at openswan.org
>Message-ID: <42E0986A.10807 at phim.unibe.ch>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Jacco de Leeuw wrote:
>
>>I don't understand why you changed the IP addresses. The previous
>>ones should have worked.
>
>My existing wired net is 192.168.1.0. I made a mistake when trying to 
>get the gateway working.
>
>>>Client           air         AP         air       VPN Gateway
>>>192.168.2.2 ~~~~~~~~~ 192.168.1.254 ~~~~~~      Debian sarge
>>>OS X                                         \
>>>                                              ~ eth1 192.168.2.2
>>
>>This won't fly if the AP is bridging.
>
>192.168.2.2 can still reach 192.168.2.2 and IPsec is working. Anything 
>else too since 192.168.2.2 is not firewalled at the moment.
>
>>>set bind_address 192.168.1.11
>
>>This should be the external (wireless) address if you are using
>>NETKEY. If you are using KLIPS you can bind it to the internal
>>address and do a NAT mapping.
>
>I use KLIPS. I tried the NAT mapping yesterday without success:
>
>iptables -t nat --append PREROUTING -i ipsec0 -p udp --dport 1701 -j DNAT --to-destination 192.168.1.10
>
>L2TPNS creates a tun0 interface which gets the address defined with 
>bind_address:
>
>tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:192.168.1.11  P-t-P:192.168.1.11  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING  MTU:1500  Metric:1
>
>
>I will try what happens if bind_address is set to the address of the 
>inner interface 192.168.1.10. As I understand tun0 is the same as ppp0 
>when using l2tpd/ppp. Therefore I used 192.168.1.10 for the inner 
>interface eth0 and 192.168.1.11 for tun0. Alan Whinery seems not to use 
>the bind_address and tun0 gets the default address 1.1.1.1
>
>I'm curious what the interface parameter in ipsec.conf has to be set to. 
>If interface is not specified, ipsec0 is on my internal interface eth0 
>because the default route is set to it. This is the wrong one, I think. I 
>set it to "ipsec0=eth1", the 'external' wireless interface.
>
>>I have not yet used l2tpns so I can't help you with this. Check out
>>Alan Whinery's notes at:
>>http://thundarr.its.hawaii.edu/advanced/make_work/IPSec/Openswan_Windows_x509/index.html 
>
>I saw this page and l2tpns is up and running but it gets nothing from 
>the IPsec part.
>
>Beat


