[Openswan Users] Xl2tpd - Openswan possible routing issue [SOLVED]

Janantha Marasinghe janantha at techcert.lk
Fri Sep 26 01:44:44 EDT 2008

With the great guidance of Paul and the others on this mailing list I 
manage to found a permanent fix :). The problems I encountered was due 
to kernel mismatches and openswan mismatches. So I did a fresh 
installation and below are my specs

Fedora Core 9

This works!

Thank you all!

Janantha Marasinghe wrote:
> Hi,
> Another thing I did out of the ordinary is that I did a rpmbuild -tb 
> on the latest xl2tpd package and then installed that using the rpm -i 
> command rather than doing the make install. Would this be the case why 
> the L2tp side is not working for me? I did not get any errors on the 
> rpmbuild.
> Paul Wouters wrote:
>> On Fri, 19 Sep 2008, Janantha Marasinghe wrote:
>>> 1. Thanks for the reply Paul. I checked the xl2tpd.conf for the 
>>> ipsec saref option but there is no entry for ipsec saref. So does 
>>> this mean its turned off ? But anyway I did a
>>> ipsec saref = no just to make sure its off.
>> Ok
>>> 2. I changed the MTU to 1472 from the options.xl2tpd
>> I meant changing the mtu on the acual public interface. Leave the mtu 
>> for
>> the inside tunnel as specified in options.xl2tpd to 120-1300.
>>> 3. The iptables on the VPN server as far as IPSec/L2tp is concerned 
>>> is as follows
>>> -A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
>>> -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 
>>> 500 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 
>>> 4500 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 
>>> 4500 -j ACCEPT
>> You can always reset the rules and try briefly to make sure it is a 
>> firewall
>> issue.
>> Paul
> ------------------------------------------------------------------------
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

Best Regards
Janantha Marasinghe

More information about the Users mailing list