[Openswan Users] Cisco IP Redirect and L2TP

Paul Wouters paul at xelerance.com
Mon Dec 3 10:26:11 EST 2007


On Mon, 3 Dec 2007, Lars Behrens wrote:

> this message is indeed typical for a firewall that blocks the port(s);
> but there *is* no firewall on the way between our openswan-gateway
> and the dial-up-clients. the only change that happens from a
> working setup to a non-working setup is when "ip redirect" is set on
> the gigabit-interface on a cisco-router.

> > I bet the working roadwarriors were on direct pppoe/pptp and had a
> > public IP address, while the third was behind NAT.
>
> no, sorry, you didn't get it ;-)
>
> all the roadwarriors were and are natted.

> so we are very sure that the problem is the "no ip redirect" setting
> on the cisco-router (and this is layer 2).

> I tried different MTU/MRU on my OpenSwan-machine, but that doesn't
>
>
> So maybe it is possible to define some kind of packet handling on the
> openswan-box? the "no ip redirect" setting on the cisco is done for
> security reasons and should not be disabled permanently.

What does "ip redirect" do? Does it alter other settings on the cisco?

Can you tcpdump the two scenarios, and see if there are any packet
differences?

Paul

