[Openswan Users] L2TP setup - shouldn't this be ESP?

Radek Antoniuk r.antoniuk at pixel.com.pl
Mon Jun 19 12:36:56 CEST 2006

Jacco de Leeuw wrote:
 > Radek Antoniuk wrote:
 >> After establishing IPSec tunnel between the RW and the GATEKEEPER, i
 >> see packets destined to the L2TP/1701 port.
 >> Shouldn't it be ESP?
 > Make sure you run your packet sniffer on a separate machine in between
 > the client and the server.

Ok, my fault. It should allow only the trafic on loopback.
But I'd like a hint on some other issue.
The communication is done through the tuntap (tun0) device.
Now, is there any way of autofirewalling this? Because now I'd have to 
accept all traffic with destination interface tun0 (which is not the 
biggest security issue I think, but I don't like it anyhow).

Best regards,
Radek Antoniuk

More information about the Users mailing list