[Openswan Users] Cannot make openswan working...

Jacco de Leeuw jacco2 at dds.nl
Thu May 1 17:50:11 EDT 2008

Andriy Lesyuk wrote:

>> I still don't understand your setup. The server has a leftnexthop
>> to its own network interface?
> Actually, yes... Is this not good?

No, not good. Usually you don't need to explicitly set this parameter.
See man ipsec.conf.

> eth1 is internal interface which does have real world IP addresses.

Why? It is not to be accessed from the outside, right?

> Openswan listens to L2TP server also listens to

That means you want users on the internal network to securely access
the Internet?

>> What is it exactly that you want to achieve? Allow VPN users in
>> from the Internet to the internal network? Allow VPN users on
>> the internal (possibly untrusted such as wireless?) network out
>> to the Internet?
> Ideally I want both... But currently I want to have VPN for external
> (from Internet) users.

If so, then currently Openswan is listening on the wrong interface.

I don't know if you can support both scenarios at the same time.
I for one have not tested this. If you are just starting with
Openswan and L2TP, I'd say to forget about it at this stage.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list