[Openswan Users] Cannot make openswan working...

Jacco de Leeuw jacco2 at dds.nl
Thu May 1 09:42:00 EDT 2008


Andriy Lesyuk wrote:

> Okay, the problems seem to be solved... partially! I added
> leftnexthop=x2.x2.x2.x2. The server network interfaces are: eth0:
> x2.x2.x2.x2 - external interface with real IP

I still don't understand your setup. The server has a leftnexthop
to its own network interface?

What is it exactly that you want to achieve? Allow VPN users in
from the Internet to the internal network? Allow VPN users on
the internal (possibly untrusted such as wireless?) network out
to the Internet?

> eth1: x.x.x.x - internal interface with real IP and networks:

The internal interface has a real world IP address?

> Packets arriving to L2TPd server on ipsec0 visually go from client's router
> real IP (y.y.y.y) and port 1701 and go to x.x.x.x:1701. They are leaving
> the server from interface eth0. I can understand why they do...

L2TP packets should not leave the server unencrypted unless you
explicitly forward them to some other L2TP server (which is rare).

> PPTP (as an alternative to IPSec/L2TP) can be used in local network for
> providing Internet access (like PPPoE). In this case the client connects
> from the zone which is actually used on the server. So I wonder if
> IPSec/L2TP can be used as VPN over Ethernet

I don't know what you mean exactly, but L2TP/IPsec can do the same
things as PPTP.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

