[Openswan Users] Xl2tpd - Openswan possible routing issue [SOLVED]

Janantha Marasinghe janantha at techcert.lk
Fri Sep 26 01:44:44 EDT 2008


With the great guidance of Paul and the others on this mailing list I 
manage to found a permanent fix :). The problems I encountered was due 
to kernel mismatches and openswan mismatches. So I did a fresh 
installation and below are my specs

Fedora Core 9
xl2tpd-1.1.12
openswan-2.6.14

This works!

Thank you all!
Regards
Janantha


Janantha Marasinghe wrote:
> Hi,
>
> Another thing I did out of the ordinary is that I did a rpmbuild -tb 
> on the latest xl2tpd package and then installed that using the rpm -i 
> command rather than doing the make install. Would this be the case why 
> the L2tp side is not working for me? I did not get any errors on the 
> rpmbuild.
>
>
> Paul Wouters wrote:
>> On Fri, 19 Sep 2008, Janantha Marasinghe wrote:
>>
>>> 1. Thanks for the reply Paul. I checked the xl2tpd.conf for the 
>>> ipsec saref option but there is no entry for ipsec saref. So does 
>>> this mean its turned off ? But anyway I did a
>>>
>>> ipsec saref = no just to make sure its off.
>>
>> Ok
>>
>>> 2. I changed the MTU to 1472 from the options.xl2tpd
>>
>> I meant changing the mtu on the acual public interface. Leave the mtu 
>> for
>> the inside tunnel as specified in options.xl2tpd to 120-1300.
>>
>>> 3. The iptables on the VPN server as far as IPSec/L2tp is concerned 
>>> is as follows
>>>
>>> -A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
>>> -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 
>>> 500 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 
>>> 4500 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 
>>> 4500 -j ACCEPT
>>
>> You can always reset the rules and try briefly to make sure it is a 
>> firewall
>> issue.
>>
>> Paul
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>   


-- 
-----------------------------------------------------
Best Regards
Janantha Marasinghe



More information about the Users mailing list