[Openswan Users] Xl2tpd - Openswan possible routing issue
Paul Wouters
paul at xelerance.com
Fri Sep 19 12:26:17 EDT 2008
On Fri, 19 Sep 2008, Janantha Marasinghe wrote:
> 1. Thanks for the reply Paul. I checked the xl2tpd.conf for the ipsec saref
> option but there is no entry for ipsec saref. So does this mean its turned
> off ? But anyway I did a
>
> ipsec saref = no just to make sure its off.
Ok
> 2. I changed the MTU to 1472 from the options.xl2tpd
I meant changing the mtu on the acual public interface. Leave the mtu for
the inside tunnel as specified in options.xl2tpd to 120-1300.
> 3. The iptables on the VPN server as far as IPSec/L2tp is concerned is as
> follows
>
> -A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
> -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 500 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4500 -j
> ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4500 -j
> ACCEPT
You can always reset the rules and try briefly to make sure it is a firewall
issue.
Paul
More information about the Users
mailing list