[Openswan Users] ipsec/l2tp problem

Paul Wouters paul at xelerance.com
Sat Aug 9 16:36:30 EDT 2008


On Sat, 9 Aug 2008, Toby Chamberlain wrote:

> I am having a similar problem to you - the l2tp is stopping at the SCCRQ
> send and eventually timing out.... One thing I have noticed is that the
> server is trying to send the l2tp in the clear, not down the IPSEC tunnel.
> If you do a tcpdump like "tcpdump -vi eth<x> port 4500 or port l2f" what do
> you see?

If you use NETKEY, sniffing on the ipsec gateway itself will appear to
show unencrypted packets, since these packets are encrypted after tcpdump
can see them.

Try changing the public interface on your l2tp server to use a lower
mtu, say 1472 or 1460.

Paul

