[Openswan Users] leftprotoport=17/1701 and non-UDP traffic

Guillermo Ontañón gontanon at pandasoftware.es
Mon Jan 9 16:41:40 CET 2006


Hi,

I have a question about the protocol/port selectors: what happens with
packets that do not belong to the protocol/port specified in
leftprotoport? Should they be dropped, or should they be forwarded
unencrypted?

I've set up an L2TP connection, and all non-L2TP traffic between the
IPsec gateway (Openswan 2.4.4 w/ KLIPS) and the clients is dropped by
KLIPS. If I ping the gateway from the roadwarrior, packets travel
unencrypted (as expected); I see the echo replies from the gateway on
ipsec0, but the selectors prevent them from reaching the wire.

When the connection is established the first entry in the routing table
is this (192.168.80.2 is the roadwarrior):

	$ ip r
	192.168.80.2 dev ipsec0  scope link

So I guess that either I'm doing something wrong or it's not possible to
route UDP/1701 packets through ipsec0 and all other packets through
eth0.

regards,
-- 
Guillermo Ontañón <gontanon at pandasoftware.es>
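An added illustration of what the protocol/port selector in the question actually covers (this is example code written here, not Openswan's or KLIPS's, and it does not model the ipsec0 routing): it parses leftprotoport/rightprotoport values such as `17/1701`, `17/%any` or `%any` and reports whether a given packet falls inside the policy. With `17/1701` on both ends, L2TP over UDP matches while the ICMP echo replies from the gateway do not, so they are outside the traffic the policy describes.

```python
from dataclasses import dataclass
from typing import Optional

# Protocol names the selector syntax accepts besides bare numbers (assumption:
# only the handful needed for this illustration).
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}


@dataclass(frozen=True)
class Selector:
    proto: Optional[int]  # None means any protocol
    port: Optional[int]   # None means any port


def parse_protoport(value: str) -> Selector:
    """Parse a leftprotoport/rightprotoport value, e.g. '17/1701' or '17/%any'."""
    value = value.strip().lower()
    if value in ("", "%any", "0/0"):
        return Selector(None, None)
    proto_s, sep, port_s = value.partition("/")
    if proto_s in ("%any", "0"):
        proto = None
    else:
        proto = PROTO_NUMBERS.get(proto_s, None)
        if proto is None:
            proto = int(proto_s)  # numeric protocol, as in the question's 17
    if not sep or port_s in ("", "%any", "0"):
        return Selector(proto, None)
    return Selector(proto, int(port_s))


def packet_in_policy(left: Selector, right: Selector, proto: int,
                     left_port: Optional[int], right_port: Optional[int]) -> bool:
    """True if a packet (protocol, port on the left end, port on the right end)
    is covered by the pair of selectors. Port-less protocols such as ICMP pass
    None for both ports and therefore never satisfy a selector that names a port."""
    for sel, port in ((left, left_port), (right, right_port)):
        if sel.proto is not None and sel.proto != proto:
            return False
        if sel.port is not None and sel.port != port:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample: gateway and roadwarrior both using 17/1701.
    gw, rw = parse_protoport("17/1701"), parse_protoport("17/1701")
    print("L2TP udp/1701 covered:", packet_in_policy(gw, rw, 17, 1701, 1701))
    print("ICMP echo covered:    ", packet_in_policy(gw, rw, 1, None, None))
```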