[Openswan Users] Problem with securing l2tpd (NETKEY 2.6)
Gbenga
stjames08 at yahoo.co.uk
Thu Jun 14 20:24:15 EDT 2007
> Include this in your /etc/xl2tpd/xl2tpd.conf file. That will make
> l2tp daemon listen on your internal ip. Make sure to restart your l2tpd service.
> [global]
> listen-addr = [internal ip]
>This would work if it was KLIPS. I have been struggling with it for days
>but couldn't make it work with NAT-T (module was crashing - couldn't find
>any solution) so I've switched to NETKEY. The problem is, that there's
>no ipsec interface anymore so I can't redirect traffic from tunnel
>to l2tpd listening on internal interface.
No, not really. I have:

    sudo ipsec --version
    Linux Openswan U2.4.7/K2.6.18 (netkey)

with xl2tpd-1.1.05. Running fine, I have no problem at all with it. And xfrm is not related to selinux either, it is a kernel hook for ipsec. I have the same setup as you: single interface openswan/xl2tp.
Have you got past the IPSec SA? If you have, then your xl2tp.conf needs to be examined properly. Post it here and you might get some help.
>The other thing I've found in kernel is:
>XFRM (IPSec) Networking Security Hooks
>As far as I know it's SELinux related - I've no experience with it.
>Looked for some documentation on that topic but couldn't find
>anything.
>Greetings,
>adrian at ima.pl
>Adrian Gruntkowski