[Openswan Users] ipsec/l2tp gateway to the private net, packets come in on ipsec1 interface and come out on ipsec0, but everything works ok!
paul at xelerance.com
Tue Jun 10 10:49:45 EDT 2008
> when i connected to the gateway from the public net both iptraf and
> iptables reported that l2tp packets arrived on ipsec0 interface, and
> went out on ipsec1, but the connection worked very well at the same
> time! I watched nothing special in the logs.
> two interfaces: eth0 - private, eth1 - public.
> from ipsec.conf:
> conn settings
> intefaces="ipsec0=eth0 ipsec1=eth1"
> when i changed interfaces to
> or to
> intefaces="ipsec0=eth1 ipsec1=eth0"
Do you run ipsec on the private interface? if not, then you should just
> l2tp traffic went as necessary, that is, l2tp packets came in and went
> out on the same interface ipsec0. when i changed back to "ipsec0=eth0
> ipsec1=eth1" packets were reported by iptables again as coming in and
> out on different ipsec interfaces.
I don't understand this. Do you have funky routing? Is your l2tp/ipsec
gateway behind NAT? (eg will the packets need to come in and go out
over the same interface? but if you do why have two ethers?)
> By the way, is it possible now for many roadwarriors to connect to the
> klips ipsec/l2tp gateway using the same PSK?
AFAIK, it is the only way to use PSK with roadwarriors.
> said that single PSK could be used for many roadwarriors with the option
> "nouniqueids=no" in the connection definition, but i've got an error
More information about the Users