[Openswan Users] Problem with L2TP / Transport mode
Mark van Proctor
m.vanproctor at metech.com.au
Fri Sep 16 12:50:46 CEST 2005
In regards to this matter, I did some further snooping around and have found
the following messages coming up in a tcpdump on the external interface:

    IP <client machine> > <local machine>: ESP(....)
    IP <local machine> > <client machine>: icmp 152: <local machine> udp port l2tp unreachable

Normally, I would see the following, even if the packet is eventually logged
and dropped by the firewall:

    IP <client machine> > <local machine>: ESP(....)
    IP <client machine>.<client port> > <local machine>.<local port>: ....

So to me, this looks like 26sec is basically saying that the l2tp data is
not valid for the tunnel.
Setkey -DP shows the correct tunnels for port 1701:

    <client IP>[1701] <external IP>[1701] udp
            in ipsec
            esp/transport//unique#xxxxx
    <external IP>[1701] <client IP>[1701] udp
            out ipsec
            esp/transport//unique#xxxxx

Any other thoughts?
Thanks,
Mark