[Openswan Users] l2tp firewall kernel 26

Jacco de Leeuw jacco2 at dds.nl
Tue Jun 28 21:48:35 CEST 2005

sasa wrote:

> ..the l2tp traffic (UDP port 1701) must be enable only on the internal
> interface, with kernel 2.4 and ipsec0 interface translate this traffic
> from ipsec0 (original destination) to eth1 (translate interface) but
> now I don't have ipsec0, what can I do ??

Your options are listed here:

Basically, it's:

- Switch to KLIPS on kernel 2.6.
- Run the L2TP daemon on eth0 and pray that your iptables firewall
   stays up.
- Use experimental netfilter patches for kernel 2.6.
- Wait for a fixed 2.6 kernel.
- Use a separate firewall and put it in front of the VPN server. Then
   NAT the IPsec packets to the VPN server.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list