[Openswan Users] xl2tpd source address problem

Paul Wouters paul at xelerance.com
Mon Nov 24 14:50:34 EST 2008


> I have two boxes serving openswan/xl2tpd configuration for roadwarriors.
> IP addresses are shared over VRRP. Everything works fine, until one of the boxes goes down. If the 2nd box will bring up the 2nd ip address, xl2tpd won't work properly. The issue is, that even though IPSEC connection is established fine, xl2tpd replies to the client with the first address on the interface as the source address:

This is with listen-addr set to 0.0.0.0 ?
We have never tested this scenario. It might require some patching to xl2tp
to keep track of the incoming ip address.

> Btw: Is there any way to see the traffic on the outer interface before it gets encrypted while using NETKEY?

Some people reported success using a fake interface, eg try:

ifconfig eth0:bogus 1.2.3.4
tcpdump -i eth0:bogus -n

But it does not always seem to work.

Paul
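
One way a UDP daemon bound to 0.0.0.0 can keep track of the incoming IP address and reply from it, using the Linux IP_PKTINFO socket option. This is an added example, not xl2tpd code and not part of the original message; the function names and the 127.0.0.2 loopback stand-in for the VRRP address are assumptions.

```c
#define _GNU_SOURCE                      /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Receive one datagram and echo it back from the local address it was sent to. */
ssize_t echo_from_dst(int fd) {
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct sockaddr_in peer; char buf[1500];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
        .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            pi.ipi_ifindex = 0;              /* let routing pick the interface */
            pi.ipi_spec_dst = pi.ipi_addr;   /* reply from the address that was hit */
            memcpy(CMSG_DATA(c), &pi, sizeof pi);
            iov.iov_len = (size_t)n;
            return sendmsg(fd, &m, 0);       /* same peer, rewritten pktinfo */
        }
    return -1;                               /* IP_PKTINFO was not enabled on fd */
}

/* Constructed loopback check: returns 1 if the reply's source is 127.0.0.2, else 0. */
int reply_source_matches(void) {
    int on = 1, s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from = { 0 };
    socklen_t al = sizeof a, fl = sizeof from;
    struct timeval tv = { 2, 0 }; char buf[16];
    setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(c, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    bind(s, (struct sockaddr *)&a, sizeof a);            /* 0.0.0.0, kernel-chosen port */
    getsockname(s, (struct sockaddr *)&a, &al);
    a.sin_addr.s_addr = inet_addr("127.0.0.2");          /* not the interface's first address */
    sendto(c, "ping", 4, 0, (struct sockaddr *)&a, sizeof a);
    if (echo_from_dst(s) == 4)
        recvfrom(c, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
    close(s); close(c);
    return from.sin_addr.s_addr == a.sin_addr.s_addr;
}
int main(void) { return reply_source_matches() == 1 ? 0 : 1; }
```

Without the pktinfo rewrite the same reply would leave from 127.0.0.1, which the client (and an IPsec policy keyed on the other address) would not match.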

