[Openswan Users] What needs to be done to route data across ipsec interface?
Eduan Basson
eduan at multenet.com
Wed Nov 19 08:55:37 EST 2008
Hi Paul
Paul Wouters wrote:
>> route and add one over the unencrypted interface, I can ping my server,
>> but I can't netcat to port 1701 (for l2tp VPN) - no idea why. Shouldn't
>> this be possible? And likewise, shouldn't it be possible across the
>> encrypted interface as well?
>>
>
> If you set up a 17/1701 tunnel, you CANNOT ping through the tunnel, as only
> udp port 1701 (l2tp) packets will be allowed.
>
But shouldn't a netcat (using UDP flag) to port 1701 connect?
> Are you setting up an l2tp tunnel? Are you running xl2tpd? Did a pppX
> interface pop up? Did you get an IP assigned?
>
>
>
I am trying to set up an l2tp tunnel, yes. I tried it with openl2tp
first, as that was what I used for l2tp without ipsec, but failing that
I tried xl2tpd. In one scenario I connect ipsec over eth0, but not l2tp
means no pppX interface and no new IP. In another scenario I dial up
over GSM using pppd first, so I have a ppp0 interface on which to create
the ipsec0 interface, but again I can't initiate l2tp on this, so the
intended ppp9 l2tp interface never gets created.
I'm trying to see how to test without introducing confusing variables
like l2tp packages. How can I test whether the ipsec connection is 100%
ready for l2tp to be created?
Thank you
Eduan