[Openswan Users] l2tp/ipsec not working with nat?

Jacco de Leeuw jacco2 at dds.nl
Fri Jan 11 17:37:30 EST 2008

Abraham Iglesias wrote:

> If I want to use the internal interface
> ( to bind the l2tpd server so that only ipsec authenticated
> packets could reach the l2tp server (as documentation explains), vpn
> gateway sends an unreachable port l2tp to the client.
> Would it be a solution to implement firewall policies to mark ipsec
> packets as documentation shows? Or are there any other solutions?

That should work, yes. Alternatives are using KLIPS instead of NETKEY,
or using policy match (a new iptables module) if you have a fairly recent
kernel and netfilter.


Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
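
A sketch of the policy-match alternative mentioned in the reply, as an added example that is not part of the original post. It assumes NETKEY, the INPUT chain, L2TP on UDP port 1701 and DROP as the action for cleartext L2TP; the function names l2tp_ipsec_rules and audit_l2tp are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: NETKEY stack, iptables "policy" match available, L2TP on UDP 1701.

# Print the two rules that admit L2TP only after IPsec decapsulation.
# They are printed rather than applied so they can be reviewed first.
l2tp_ipsec_rules() {
    chain="${1:-INPUT}"
    # Packet matched an inbound IPsec policy: let it reach the L2TP daemon.
    echo "iptables -A $chain -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT"
    # Anything else addressed to the L2TP port arrived in cleartext.
    echo "iptables -A $chain -p udp --dport 1701 -j DROP"
}

# Read rules (for instance `iptables -S INPUT` output) on stdin and report
# what happens to cleartext L2TP: exposed, guarded or undecided.
# Limitation: only rules that name "--dport 1701" are examined, so a broad
# earlier ACCEPT and the chain's default policy are not taken into account.
audit_l2tp() {
    verdict="undecided"
    while IFS= read -r rule; do
        case "$rule" in
            *"--dport 1701 "*) ;;
            *) continue ;;
        esac
        # A rule restricted to IPsec-protected packets never matches
        # cleartext traffic, so evaluation falls through to the next rule.
        case "$rule" in
            *"--pol ipsec"*) continue ;;
        esac
        case "$rule" in
            *"-j ACCEPT"*) verdict="exposed"; break ;;
            *"-j DROP"*|*"-j REJECT"*) verdict="guarded"; break ;;
        esac
    done
    echo "$verdict"
}
```

Run `l2tp_ipsec_rules | audit_l2tp` to check the generated pair, or pipe `iptables -S INPUT` into `audit_l2tp` on the gateway.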