[Openswan Users] Certificate exchange but no l2tp

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Tue May 17 11:19:43 CEST 2005


Thanks for the suggestions.

Jacco de Leeuw wrote:

> Here are some suggestions:
> 
> - There is a Howto by Martin Koeppe about such a setup:
>   http://koeppe-net.de/l2tp-howto.txt
>   It could use a bit of an update but you'll probably get the gist of it.

As far as I can tell - we've pretty much got the same set up as 
described in the article.
> 
> - NAT forwarding after IPsec currently does not work on 26sec, but there
>   are experimental ipsec hook netfilter patches by Patrick McHardy.

We're not using 26sec.
> 
> - Are you using leftnexthop= on the IPsec server?
> 

Would leftnexthop be the ip address of the l2tp server or the firewall?

> - Running tcpdump on the VPN server itself is not entirely reliable
>   when 26sec is used. A separate system for sniffing packets is better.

It may not be entirely reliable but we are not seeing *anything* other 
than the certificate exchange when we try to make the connection.

> - Do L2TP packets arrive at the L2TP server at all? Does it send
>   responses back? Does it have a default route to the IPsec server?

We see nothing getting as far as the l2tp server at the moment.  We 
can't see any packets going through our firewall rules at this time. 
Having googled this for most of yesterday the only thing I could find 
was the natt.patch but we're not using NAT traversal - is this a 
potential issue in your opinion?  We're using redhat 7.3 for both the 
IPSEC & L2TP servers.

Many thanks for your help,

Olly.


