[Openswan Users] openswan + l2tpd + iptables problem

Paul Wouters paul at xelerance.com
Tue Oct 17 10:54:35 EDT 2006


On Tue, 17 Oct 2006, mechanix at debian.org wrote:

> No, I know NATted IPsec works by encapsulation over udp 4500.
>
> Hmm, I can't seem to find blocked ipencap traffic in the firewall logs.
> Ok, I've removed the rule to allow ipencap and restarted openswan on the
> SG gateway to check. Seems to work. However, I am now getting these now:
>
> Oct 17 22:31:13 scotos kernel: IN=eth1 OUT= MAC=[...] SRC=BE.IP.ADDR.ESS DST=SG.IP.ADDR.ESS LEN=505 TOS=0x00 PREC=0x00 TTL=99 ID=0 DF PROTO=4

That has nothing to do with IPsec or Openswan. IPsec only uses:
Proto 50 and 51
UDP port 500 and 4500
And DNS for hostname resolution

> These are between the two VPN gateways, incidentally, so I would have
> guessed that it would be from the net2net tunnel.

Not an IPsec tunnel

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
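A small triage script for the situation above, added here as an example and not code from the original thread or from Openswan: it parses iptables/netfilter kernel log lines like the one quoted and labels each packet as IPsec (ESP, AH, IKE on UDP 500, NAT-T on UDP 4500) or not, so a PROTO=4 (IP-in-IP/ipencap) hit is immediately recognisable as something other than the IPsec tunnel. Hostnames, addresses and the log lines themselves are constructed for the example (RFC 5737 documentation addresses), not taken from the original post.

```python
"""Classify iptables LOG lines by whether the packet belongs to IPsec.

IPsec on the wire is: IP protocol 50 (ESP), IP protocol 51 (AH),
UDP 500 (IKE) and UDP 4500 (IKE/ESP NAT traversal).  Anything else,
including IP-in-IP (protocol 4, 'ipencap'), is not IPsec traffic.
"""
import re
from typing import Dict, List, Tuple

# Labels returned by classify() so callers can compare against them.
LABEL_ESP = "IPsec ESP (IP protocol 50)"
LABEL_AH = "IPsec AH (IP protocol 51)"
LABEL_IKE = "IKE (UDP 500)"
LABEL_NATT = "IKE/ESP NAT-T (UDP 4500)"
LABEL_IPIP = "not IPsec: IP-in-IP/ipencap (IP protocol 4)"

# Constructed sample log lines (assumption: same layout as the netfilter LOG
# target; the kernel names ESP/AH and prints other protocols numerically).
SAMPLE_LOG_LINES = [
    "Oct 17 22:31:13 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=505 TOS=0x00 PREC=0x00 TTL=99 ID=0 DF PROTO=4",
    "Oct 17 22:31:14 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ESP SPI=0x0a1b2c3d",
    "Oct 17 22:31:15 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=348 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=328",
    "Oct 17 22:31:16 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=160",
    "Oct 17 22:31:17 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=51",
    "Oct 17 22:31:18 scotos kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51234 DPT=22",
]

_KV = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line: str) -> Dict[str, str]:
    """Extract KEY=VALUE fields; flags without '=' (e.g. DF) are ignored.

    The first occurrence of a key wins, so for UDP/TCP the IP-header LEN
    is kept rather than the transport-layer LEN that follows it.
    """
    fields: Dict[str, str] = {}
    for key, value in _KV.findall(line):
        fields.setdefault(key, value)
    return fields


def classify(fields: Dict[str, str]) -> str:
    """Map a parsed line to one of the IPsec labels or a 'not IPsec' label."""
    proto = fields.get("PROTO", "").upper()
    if proto in ("ESP", "50"):
        return LABEL_ESP
    if proto in ("AH", "51"):
        return LABEL_AH
    if proto == "UDP":
        ports = {fields.get("SPT"), fields.get("DPT")}
        if "4500" in ports:
            return LABEL_NATT
        if "500" in ports:
            return LABEL_IKE
        return "not IPsec: UDP"
    if proto == "4":
        return LABEL_IPIP
    return f"not IPsec: PROTO={proto or '?'}"


def classify_line(line: str) -> str:
    return classify(parse_log_line(line))


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (src, dst, label) per line, for a quick look at what a rule dropped."""
    out = []
    for line in lines:
        f = parse_log_line(line)
        out.append((f.get("SRC", "?"), f.get("DST", "?"), classify(f)))
    return out


if __name__ == "__main__":
    for src, dst, label in triage(SAMPLE_LOG_LINES):
        print(f"{src} -> {dst}: {label}")
```

Run it against `grep kernel: /var/log/messages` output (or feed the lines in from a file) to see at a glance which drops are the ESP/IKE/NAT-T flows the tunnel actually needs and which, like the PROTO=4 line in the post, come from something else entirely. The numeric check for 50 and 51 is kept alongside the ESP/AH names because older or third-party loggers do not always print the protocol name.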

