[Openswan Users] Xl2tpd - Openswan possible routing issue

Paul Wouters paul at xelerance.com
Fri Sep 19 12:26:17 EDT 2008


On Fri, 19 Sep 2008, Janantha Marasinghe wrote:

> 1. Thanks for the reply Paul. I checked the xl2tpd.conf for the ipsec saref 
> option but there is no entry for ipsec saref. So does this mean its turned 
> off ? But anyway I did a
>
> ipsec saref = no just to make sure its off.

Ok

> 2. I changed the MTU to 1472 from the options.xl2tpd

I meant changing the mtu on the acual public interface. Leave the mtu for
the inside tunnel as specified in options.xl2tpd to 120-1300.

> 3. The iptables on the VPN server as far as IPSec/L2tp is concerned is as 
> follows
>
> -A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
> -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 500 -j 
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4500 -j 
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4500 -j 
> ACCEPT

You can always reset the rules and try briefly to make sure it is a firewall
issue.

Paul


More information about the Users mailing list