[Openswan Users]
Paul Wouters
paul at xelerance.com
Tue Aug 1 01:34:10 CEST 2006
On Mon, 31 Jul 2006, Tomasz Grzelak wrote:
> Jul 31 13:52:58 localhost pluto[19518]: "roadwarrior"[2] W.X.Y.Z #2:
> STATE_QUICK_R2: IPsec SA established {ESP=>0x92103582 <0xb8fbb2f0
> xfrm=3DES_0-HMAC_MD5 NATD=W.X.Y.Z:13631 DPD=none}
Ok, so it is actually setting up NAT properpy.
> Jul 31 13:52:57 localhost pluto[19518]: | add inbound eroute W.X.Y.Z/32:1701
> --17-> A.B.C.D/32:1701 => tun.10000 at A.B.C.D (raw_eroute)
Oh, this is for transport mode IPsec.... Duh. of course, you showed the l2tp bit.
Try setting the openswan external interface to an mtu of 1472 and see if that
fixes things. Unfortunately, transport mode NAT'ed IPsec connections are very
complex and sensitive to get working. :(
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list