[Openswan Users] ipsec/l2tp gateway to the private net, packets come in on ipsec1 interface and come out on ipsec0, but everything works ok!

Paul Wouters paul at xelerance.com
Tue Jun 10 10:49:45 EDT 2008

> when i connected to the gateway from the public net both iptraf and 
> iptables reported that l2tp packets arrived on ipsec0 interface, and 
> went out on ipsec1, but the connection worked very well at the same 
> time! I watched nothing special in the logs.

> two interfaces: eth0 - private, eth1 - public.
> from ipsec.conf:
> conn settings
> 	intefaces="ipsec0=eth0 ipsec1=eth1"
> when i changed interfaces to
> 	intefaces="ipsec0=eth1"
> or to
> 	intefaces="ipsec0=eth1 ipsec1=eth0"

Do you run ipsec on the private interface? if not, then you should just
use interfaces="ipsec0=eth1"

> l2tp traffic went as necessary, that is, l2tp packets came in and went 
> out on the same interface ipsec0. when i changed back to "ipsec0=eth0 
> ipsec1=eth1" packets were reported by iptables again as coming in and 
> out on different ipsec interfaces.

I don't understand this. Do you have funky routing? Is your l2tp/ipsec
gateway behind NAT? (eg will the packets need to come in and go out
over the same interface? but if you do why have two ethers?)

> By the way, is it possible now for many roadwarriors to connect to the 
> klips ipsec/l2tp gateway using the same PSK? 

AFAIK, it is the only way to use PSK with roadwarriors.

> said that single PSK could be used for many roadwarriors with the option 
> "nouniqueids=no" in the connection definition, but i've got an error 



More information about the Users mailing list