[Openswan Users] Xl2tpd - Openswan possible routing issue

Janantha Marasinghe janantha at techcert.lk
Mon Sep 22 23:07:15 EDT 2008


Hi,

Another thing I did out of the ordinary is that I did a rpmbuild -tb on 
the latest xl2tpd package and then installed that using the rpm -i 
command rather than doing the make install. Would this be the case why 
the L2tp side is not working for me? I did not get any errors on the 
rpmbuild.


Paul Wouters wrote:
> On Fri, 19 Sep 2008, Janantha Marasinghe wrote:
>
>> 1. Thanks for the reply Paul. I checked the xl2tpd.conf for the ipsec 
>> saref option but there is no entry for ipsec saref. So does this mean 
>> its turned off ? But anyway I did a
>>
>> ipsec saref = no just to make sure its off.
>
> Ok
>
>> 2. I changed the MTU to 1472 from the options.xl2tpd
>
> I meant changing the mtu on the acual public interface. Leave the mtu for
> the inside tunnel as specified in options.xl2tpd to 120-1300.
>
>> 3. The iptables on the VPN server as far as IPSec/L2tp is concerned 
>> is as follows
>>
>> -A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
>> -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 500 
>> -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 
>> 4500 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 
>> 4500 -j ACCEPT
>
> You can always reset the rules and try briefly to make sure it is a 
> firewall
> issue.
>
> Paul


-- 
-----------------------------------------------------
Best Regards
Janantha Marasinghe


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2437 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20080923/f3451aa5/attachment.bin 


More information about the Users mailing list