[Openswan Users] Certificate exchange but no l2tp

Jacco de Leeuw jacco2 at dds.nl
Tue May 17 12:40:17 CEST 2005


Oliver Tomkins wrote:

>> - Are you using leftnexthop= on the IPsec server?
> 
> Would leftnexthop be the ip address of the l2tp server or the firewall?

The firewall. Are you saying your firewall and the IPsec server
are separate systems? Is the firewall doing NAT (UDP 500/4500)
to the IPsec server, by any chance?

> It may not be entirely reliable but we are not seeing *anything* other 
> than the certificate exchange when we try to make the connection.

You don't see any L2TP packets when you run 'tcpdump -i ipsec0 -n -l' ?
What do the Windows 2000 logs say?

> was the natt.patch but we're not using NAT traversal - is this a 
> potential issue in your opinion?  We're using redhat 7.3 for both the 
> IPSEC & L2TP servers.

If the IPsec packets are not NATed then obviously you don't need the
NAT-T. (But I would not be surprised if sooner or later users would
want to use NAT).

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

