[Openswan Users] Ipsec connection doesn't work over PPP
antony at wayforth.co.uk
Thu Nov 23 08:32:47 EST 2006
> Paul Wouters wrote:
>> On Thu, 9 Nov 2006, Antony Gelberg wrote:
>>> I have a roadwarrior config on my laptop (roadwarrior-net in the logs),
>>> that works very well from outside the office, via ADSL connections,
>>> whether my laptop has a public or static IP.
>>> However, when I connect to the Internet via my mobile phone (ppp0 in
>>> logs), everything works apart from openswan. The SA comes up, but I
>>> can't ping or do anything else via the gateway.
>>> I've put a barf at http://static.wayforth.co.uk/ipsec_barf. Hope
>> Some things I see:
>> - Enable IP forwarding
>> - Disable rp_filter on all interfaces
>> - Recompile kernel with Advanced routing enabled.
> Hi Paul,
> Thanks for responding. I don't see why I need to do this when the same
> configuration works with another Internet connection e.g. ADSL via eth0.
>> conn roadwarrior-net
>> I am somewhat confused whether I am looking at a client or server barf,
>> since you mentioned the client was a phone.
> Little confusion there. The client and server are both Linux-based.
> The phone is used merely for its UMTS modem which manifests as ppp0 on
> the client. You are looking at a client barf.
>> Can you change left and right. There might be a bug with
>> does not work as expected.
>> If this is the server, it would need
>> right=%any, not right=%defaultroute.
>> You also need auto=add because you cannot initiate to %any, you need to
>> for them to initiate to you.
>> The logs show no problem, so it could be that ESP packets are being
>> Try adding "forceencaps=yes" to roadwarrior-net. It will cause NAT-T to
>> in and use ESPinUDP packets instead of ESP. Perhaps those are not
Unfortunately this didn't help at all.
Is there any other option than to ask Vodafone? Is anybody using openswan
over a Vodafone data link?
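
Added example (not part of the original message and not an Openswan tool): a shell check for the first two items of the checklist quoted above, reporting rp_filter per interface because ppp0 has its own entry, separate from eth0. The helper names and the sample tree are constructed for illustration; the default path is the standard Linux /proc/sys/net/ipv4 location.

```shell
#!/bin/sh
# check_ipsec_sysctls is a hypothetical helper written for this example.
# $1 = root of the IPv4 sysctl tree (default: the live /proc/sys/net/ipv4).
check_ipsec_sysctls() {
    root=${1:-/proc/sys/net/ipv4}
    problems=0

    # Checklist item "Enable IP forwarding": ip_forward should read 1.
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "FAIL ip_forward is not 1"
        problems=$((problems + 1))
    fi

    # Checklist item "Disable rp_filter on all interfaces":
    # every conf/<interface>/rp_filter should read 0.
    for f in "$root"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "FAIL rp_filter=$val on $iface"
            problems=$((problems + 1))
        fi
    done

    echo "problems=$problems"
    [ "$problems" -eq 0 ]
}

# Constructed sample tree so the check runs offline: forwarding is on,
# rp_filter is cleared on all and eth0 but still set on ppp0.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf/all" "$t/conf/eth0" "$t/conf/ppp0"
    echo 1 > "$t/ip_forward"
    echo 0 > "$t/conf/all/rp_filter"
    echo 0 > "$t/conf/eth0/rp_filter"
    echo 1 > "$t/conf/ppp0/rp_filter"
    echo "$t"
}

sample=$(make_sample_tree)
check_ipsec_sysctls "$sample" || true
rm -rf "$sample"
```

Run with no argument on the client while ppp0 is up to check the live settings.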