[Openswan Users] leftprotoport=17/1701 and non-UDP traffic

GuillermoOntañón gontanon at pandasoftware.es
Mon Jan 9 16:41:40 CET 2006


I have a question about the protocol/port selectors: what happens with
packets that do not belong to the protocol/port specified in
leftprotoport? should they be dropped or should they be forwarded

I've set up an l2tp connection and all non-l2tp traffic between the
ipsec gateway (openswan 2.4.4 w/ klips) and the clients is dropped by
klips. If I ping the gateway from the roadwarrior packets travel
unencrypted (as expected), I see the echo replies from the gateway on
ipsec0 but the selectors prevent them from reaching the wire.

When the connection is established the first entry in the routing table
is this ( is the roadwarrior):

	$ ip r dev ipsec0  scope link

So I guess that either I'm doing something wrong or it's not possible to
route udp/1701 packets through ipsec0 and all other packets through

Guillermo Ontañón <gontanon at pandasoftware.es>

More information about the Users mailing list