[Openswan Users] l2tpd firewall

Paul Wouters paul at xelerance.com
Tue Oct 25 23:56:18 CEST 2005


On Tue, 25 Oct 2005, Sindata wrote:

>  in the /var/log/messages I have:
> Oct 25 19:34:23 newfw pluto[3882]: "ROADWARRIOR"[14] x.x.x.x #16: sent MR3, ISAKMP SA established

That's only half the connection. You should also see "IPsec SA Established".

> I am not able to shape the firewall so as to have 1701 open for the only ipsec calls.
> Does someone know a way to have the ipsec0, or in order to protect the channel of the l2tp?

There are no ipsecX interfaces with NETKEY, which you are running. At most you can use
iptables MARK on all esp packets, then only allow port 1701 if the packets are marked.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)
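An added example (not code from the thread or from Openswan) of the rule set the reply describes: tag ESP on the way in, then accept UDP 1701 only when the tag is present. It assumes eth0 as the public interface, fwmark 0x1 as an otherwise unused value, and a root shell on the NETKEY gateway; by default it prints the rules instead of installing them.

```shell
#!/bin/sh
# Added example, not from the original thread: iptables rules that accept L2TP
# (UDP 1701) only when the packet arrived inside an IPsec tunnel, using the
# MARK approach described in the reply. Assumptions (not in the thread): the
# public interface is eth0, fwmark 0x1 is otherwise unused, and the script runs
# as root on a NETKEY-based Openswan gateway.
WAN=${WAN:-eth0}
MARK=0x1

# Dry-run backend: print the rule instead of installing it.
dry() { printf '%s\n' "$*"; }

# Emit the rule set through the backend given as $1 (default: dry).
# Run "l2tp_rules iptables" as root to install the rules for real.
l2tp_rules() {
    ipt=${1:-dry}
    # IKE (UDP 500), NAT-T (UDP 4500) and ESP itself must reach the gateway.
    $ipt -A INPUT -i "$WAN" -p udp --dport 500 -j ACCEPT
    $ipt -A INPUT -i "$WAN" -p udp --dport 4500 -j ACCEPT
    $ipt -A INPUT -i "$WAN" -p esp -j ACCEPT
    # Tag incoming ESP (and ESP-in-UDP) packets. NETKEY keeps the skb mark when
    # it decapsulates, so the inner L2TP packet re-enters PREROUTING still marked.
    $ipt -t mangle -A PREROUTING -i "$WAN" -p esp -j MARK --set-mark "$MARK"
    $ipt -t mangle -A PREROUTING -i "$WAN" -p udp --dport 4500 -j MARK --set-mark "$MARK"
    # Accept L2TP only if the mark proves it was decrypted; drop cleartext 1701.
    $ipt -A INPUT -i "$WAN" -p udp --dport 1701 -m mark --mark "$MARK" -j ACCEPT
    $ipt -A INPUT -i "$WAN" -p udp --dport 1701 -j DROP
}

# Alternative on kernels that ship the xt_policy match: no mark is needed, the
# rule asks the kernel directly whether the packet came out of an IPsec SA.
l2tp_rules_policy() {
    ipt=${1:-dry}
    $ipt -A INPUT -i "$WAN" -p udp --dport 1701 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    $ipt -A INPUT -i "$WAN" -p udp --dport 1701 -j DROP
}
```

Order matters: the marked ACCEPT must sit above the unconditional DROP, and the mangle rules must be in PREROUTING so the decapsulated packet still carries the mark when it reaches INPUT.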

