[Openswan Users] Certificate exchange but no l2tp
Oliver Tomkins
oliver.tomkins at alliedvehicles.co.uk
Tue May 17 11:54:05 CEST 2005
Thanks again Jacco,
Jacco de Leeuw wrote:
> The firewall. Are you saying your firewall and the IPsec server
> are separate systems? Is the firewall doing NAT (UDP 500/4500)
> to the IPsec server, by any chance?
Yes I am. vpn traffic comes through our corporate firewall to the
ipsec machine in the DMZ. We then do
    DNAT udp -- anywhere anywhere udp spt:l2tp dpt:l2tp to:XXX.XXX.XXX.XXX
Where XXX is on the internal subnet.
to direct the traffic to the l2tp machine. We use public ip addresses
throughout - so no need for NAT.
>
> You don't see any L2TP packets when you run 'tcpdump -i ipsec0 -n -l' ?
> What do the Windows 2000 logs say?
Yes - we see no L2TP packets across the ipsec interface. I can't seem
to see anything concerning the connection on the client machine.
The only difference we can see from connecting from the same machine in
the test environment to the "real world" example is that in the real
world the client is picking up its details from the ISP when it dials up.
Thanks,
Olly.