[Openswan Users] Problem with L2TP / Transport mode
Jacco de Leeuw
jacco2 at dds.nl
Sat Sep 17 22:41:47 CEST 2005
Mark van Proctor wrote:
>> If you have been using the ipsec.exe tool and you want to switch back to
>> L2TP/IPsec you have to reenable the automatic L2TP/IPsec policy
>> (ProhibitIpSec in the registry). See also:
>
> [Mark]: This registry entry does not exist.

To my knowledge, the ipsec.exe tool automatically disables the L2TP/IPsec
policy, so if you go back to L2TP/IPsec you need to change the registry.

>> Well, to rule out problems with the firewall you could disable it
>> temporarily and see if things suddenly work.
>
> [Mark]: Not really keen to do this. This is a live server that is used for
> other purposes. I have allowed UDP based L2TP traffic (with the L2TP server
> turned off, just logging packets to those ports) and nothing shows up. Also,
> the fact that traffic comes through the Standard connection suggests to me
> that my firewall is not the issue...
>
> [Mark]: Any other ideas?

Replicate the setup on a test system and start tweaking the firewall?

> In regards to this matter, I did some further snooping around and have found
> the following messages coming up in a tcpdump on the external interface:

Sniffing on interfaces that use 26sec/NETKEY is not reliable.
Encrypted and plain text packets may be mixed. Use an intermediate
system between the client and server for sniffing. KLIPS interfaces can
also be sniffed.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck