[Openswan Users] ipsec/l2tp with nat traversal
tbenson at a-1networks.com
Wed Apr 26 11:45:38 CEST 2006
On Wednesday, April 26, 2006 Paul wrote:
> Did you set a lower then 1500 mtu on your external interface on the
> server? Did you set mtu/mru to 1200 in the l2tpd.conf? Which l2tpd are
> you running?
Here is the entire options file
> Also check jacco's page:
Used root while editing the files.
> > What I see is that the secure log shows SA Established. Next I see
> > packets on the tcpdump for eth0 using port 4500. During this the
> > tcpdump of ipsec0 doesn't show any packets at all
> So you see ESPinUDP packets, but no decrypted packets. Check if this
> not an MTU
Well this is a connection from a site that has another site to site
tunnel running on it to the same gateway, and has for years. No traffic
issues from the site to site, would the mtu settings in options not
account for whatever would be required if leaving a standard 1500 has
worked for years (and is working while all this testing is going on).
I will go into the datacenter in a minute and connect to a public ip on
our switch and see if this changes seeing decrypted packets on ipsec0.
> Building and integrating Virtual Private Networks with Openswan:
More information about the Users