[Openswan Users] ipsec/l2tp gateway to the private net, packets come in on ipsec1 interface and come out on ipsec0, but everything works ok!

Paul Wouters paul at xelerance.com
Tue Jun 10 13:30:55 EDT 2008



> When I ran "iptables -A INPUT -i ipsec0 -j LOG --log-level info" I watched
> incoming l2tp packets.

That's right. ipsecX shows you traffic before encrypting and after decrypting.

> When I ran "iptables -A OUTPUT -i ipsec1 -j LOG --log-level info" I watched
> outgoing l2tp packets.

That's kind of odd, but ipsec devices are just entry points to KLIPS, which
then uses its policies to do its work. So it does not matter much. In this
case, the packets will go to ipsec1, find no policy, and go out in the clear.

>> "uniqueids=no"
> It was a mistake in my letter (not in my local files). When I put it into the
> "config setup" section, it works. I tried to put it into "conn ..." section
> beforehand, that's why I've got an error message, I suppose.

Ah, oki.

Paul

