[Openswan Users] ipsec/l2tp problem
james
james at softroute.net
Mon Aug 11 09:39:06 EDT 2008
Hi,
I changed the mtu of the public interface to 1460, still the same
Regards,
James
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: 2008年8月9日 16:37
To: Toby Chamberlain
Cc: james; users at openswan.org
Subject: Re: [Openswan Users] ipsec/l2tp problem
On Sat, 9 Aug 2008, Toby Chamberlain wrote:
> I am having a similar problem to you - the l2tp is stopping at the SCCRQ
> send and eventually timing out.... One thing I have noticed is the the
> server is trying to send the l2tp in the clear, not down the IPSEC tunnel.
> If you do a tcpdump like "tcpdump -vi eth<x> port 4500 or port l2f" what
do
> you see?
IF you use NETKEY, sniffing on the ipsec gateway it self will appear to
show unencrypted packets, since these packets are encrypted after tcpdump
can see them.
Try changing the public interface on your l2tp server to use a lower
mtu, say 1472 or 1460.
Paul
More information about the Users
mailing list