[Openswan Users] What needs to be done to route data across ipsec interface?
Paul Wouters
paul at xelerance.com
Tue Nov 18 11:43:32 EST 2008
On Tue, 18 Nov 2008, Eduan Basson wrote:
> I can establish an ipsec connection between my linux 2.4 running
> openswan and a Windows 2003 server, but I can't send any data across the
> ipsec0/NPF_GenericDiailupAdapter interfaces. I think this must be
> iptables or routing related.
>
> What is the best practice for routing? Currently I set up a static route
> to the IPSEC/VPN server via my unencrypted interface (eth0 or ppp0,
You should not need to do anything manually to get things working.
> route and add one over the unencrypted interface, I can ping my server,
> but I can't netcat to port 1701 (for l2tp VPN) - no idea why. Shouldn't
> this be possible? And likewise, shouldn't it be possible across the
> encrypted interface as well?
If you set up a 17/1701 tunnel, you CANNOT ping through the tunnel, as only
udp port 1701 (l2tp) packets will be allowed.
Are you setting up an l2tp tunnel? Are you running xl2tpd? Did a pppX
interface pop up? Did you get an IP assigned?
Paul
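The effect of the 17/1701 selector described in the reply above, as an added example that is not part of the original message and is not Openswan code: a simplified Python model of protocol/port selector matching. The function names and the sample packets are constructed for illustration; the `proto/port` notation and the `%any` wildcard follow Openswan's protoport syntax.

```python
# Added illustration: models a "17/1701" protocol/port selector; not Openswan code.
from dataclasses import dataclass
from typing import Optional

PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers


@dataclass(frozen=True)
class Selector:
    proto: int            # IP protocol number
    port: Optional[int]   # None means any port ("%any")


def parse_protoport(value):
    """Parse a 'proto/port' string such as '17/1701' or 'udp/%any'."""
    proto_s, sep, port_s = value.strip().partition("/")
    if not sep:
        raise ValueError(f"expected proto/port, got {value!r}")
    proto = PROTO_NUMBERS.get(proto_s.lower())
    if proto is None:
        proto = int(proto_s)
    if not 0 <= proto <= 255:
        raise ValueError(f"protocol out of range: {proto}")
    port = None if port_s == "%any" else int(port_s)
    if port is not None and not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return Selector(proto, port)


def covered(selector, proto, dport=None):
    """True if a packet with this protocol and destination port matches."""
    if proto != selector.proto:
        return False
    return selector.port is None or selector.port == dport


# Constructed sample traffic toward the VPN server (not from the thread).
SAMPLE_PACKETS = [
    ("ping (ICMP echo)", PROTO_NUMBERS["icmp"], None),
    ("TCP connect to 1701", PROTO_NUMBERS["tcp"], 1701),
    ("L2TP over UDP 1701", PROTO_NUMBERS["udp"], 1701),
    ("DNS over UDP 53", PROTO_NUMBERS["udp"], 53),
]


def classify(protoport):
    """Map each sample packet to whether the selector covers it."""
    sel = parse_protoport(protoport)
    return {name: covered(sel, p, dport) for name, p, dport in SAMPLE_PACKETS}


if __name__ == "__main__":
    for name, ok in classify("17/1701").items():
        print(f"{name:22} {'matches selector' if ok else 'not covered'}")
```

With `17/1701` only the UDP 1701 packet matches; the ICMP echo and the TCP connection to the same port number do not.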