[Openswan Users] unencrypted l2tp packets

Paul Wouters paul at xelerance.com
Thu Aug 3 15:53:13 EDT 2006


On Tue, 1 Aug 2006, Brett Curtis wrote:

> I am having this same problem on a test box.
>
> l2tpd version = net-dialup/xl2tpd-1.04

> I have this exact same configuration working in a production Env. However I
> never connect from the same subnet... And the only other differences are this
> box is 64bit EM64T and is _not_ running SELINUX.
>
> Openswan seems fine:
>
> Aug  1 09:07:02 defender64 pluto[14647]: "roadwarrior-osx-xp"[1] 192.168.1.103
> #6: STATE_QUICK_R2: IPsec SA established {ESP=>0x8bb63922 <0xdd103424
> xfrm=3DES_0-HMAC_MD5 NATD=192.168.1.103:500 DPD=none}
>
>
> Is this expected behavior because I am connecting from the same subnet?

What do you expect to happen when you are connecting an l2tp tunnel from
within the same subnet? Do you have two IP addresses from the same subnet,
one carrying traffic encrypted for the other ip? Then what if you are
then also sending traffic to another machine in the same subnet? Should
it go over the tunnel or not? I am not sure what Windows or OSX does
for these cases.

I would recommend creating a separate subnet with IP addresses that
will only be used with l2tp, so that it does not matter whether you are
connecting from the inside or the outside, you are just connecting
from "some network" to the l2tp subnet.

Paul
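An added example (not from the thread, Openswan or xl2tpd): a small Python audit of pluto's "IPsec SA established" line as quoted above, flagging the legacy 3DES/MD5 proposal, the missing dead peer detection, and a peer sitting inside the gateway's own LAN, which is the case Paul's reply points to. The 192.168.1.0/24 LAN, the second (contrasting) log line and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: line 1 is the pluto line quoted in the thread, rejoined
# onto one line (the mail client wrapped it); line 2 is a constructed contrast.
SAMPLE_LOG = [
    'Aug  1 09:07:02 defender64 pluto[14647]: "roadwarrior-osx-xp"[1] 192.168.1.103 '
    '#6: STATE_QUICK_R2: IPsec SA established {ESP=>0x8bb63922 <0xdd103424 '
    'xfrm=3DES_0-HMAC_MD5 NATD=192.168.1.103:500 DPD=none}',
    'Aug  1 09:08:10 defender64 pluto[14647]: "roadwarrior-osx-xp"[2] 203.0.113.7 '
    '#9: STATE_QUICK_R2: IPsec SA established {ESP=>0x1a2b3c4d <0x5e6f7a8b '
    'xfrm=AES_256-HMAC_SHA1 NATD=203.0.113.7:4500 DPD=enabled}',
]

# Assumption: the gateway's LAN is 192.168.1.0/24 (inferred from the peer
# address in the thread; adjust to your own network).
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")

# Matches pluto's "IPsec SA established" line in the shape printed above.
SA_RE = re.compile(
    r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>\S+) #(?P<sa>\d+): '
    r'STATE_QUICK_R2: IPsec SA established \{ESP=>(?P<spi_out>0x[0-9a-f]+) '
    r'<(?P<spi_in>0x[0-9a-f]+) xfrm=(?P<cipher>[^-\s]+)-(?P<integ>\S+) '
    r'NATD=(?P<natd>\S+) DPD=(?P<dpd>\S+)\}'
)

def parse_sa_line(line):
    """Return a dict describing the SA, or None for lines that are not one."""
    m = SA_RE.search(line)
    return m.groupdict() if m else None

def audit_sa(sa):
    """Return the findings a defender would want raised for one SA."""
    findings = []
    if sa["cipher"].startswith(("DES", "3DES")):
        findings.append("legacy cipher")          # 3DES_0 in the thread
    if "MD5" in sa["integ"]:
        findings.append("legacy integrity")       # HMAC_MD5 in the thread
    if sa["dpd"] == "none":
        findings.append("no dead peer detection")
    if ipaddress.ip_address(sa["peer"]) in LOCAL_LAN:
        findings.append("peer on local LAN")      # the ambiguity Paul raises
    return findings

def audit_log(lines):
    """Map each established SA's state number to its findings."""
    sas = filter(None, map(parse_sa_line, lines))
    return {f'#{sa["sa"]}': audit_sa(sa) for sa in sas}
```

Run `audit_log` over a pluto log and an empty list for an SA means none of the four checks fired; the "peer on local LAN" finding is the one to correlate with the cleartext l2tp packets discussed in this thread.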

