[Openswan Users] Securing L2TP when using Netkey

baron.openswan at mailnull.com baron.openswan at mailnull.com
Tue Mar 6 08:36:58 EST 2007

Hello folks,

I've recently managed to get the following combination of things working properly to the point where a roadwarrior can successfully connect to my network just as if they were internal clients. However, one thing keeps bugging me and that's the fact that the only way I can seem to make things work is to have the L2TP daemon listening on my external interface.

Here's the environment:
O/S: Ubuntu Edgy (2.6.17-11)
Openswan: 2.4.5 (ubuntu package)
L2TP: 0.70 (ubuntu package)

ppp0 (my.public.ip.address)
eth1 (
eth2 (
eth3 (

ppp1 ( <-- Created upon established vpn session

The network I'm protecting is I want roadwarriors to get a address. In my current config, that all works fine, except like I mentioned, I don't like having the L2TP daemon listening on my ppp0 interface. 

Based on what I've read, I understand that KLIPS supports ipsec style interfaces and Netkey does not. My question to you folks is whether or not there is a reasonable way to protect my L2TP daemon without using KLIPS.

I've seen a few people recommend some special iptables rules, but haven't seen any that really address my configuration.

Any help would be appreciated. Thanks in advance!
