[Openswan Users] RES: RES: Openswan with L2TP
Paul Wouters
paul at xelerance.com
Wed Sep 23 16:23:17 EDT 2009
On Wed, 23 Sep 2009, Giovani Moda wrote:
>>> What about mast?
>
>> Don't use that unless you are attempting to use the IPsec SAref
> tracking
>> kernel patch.
>
> That's the idea! I'd like to set this up in my lab to do some testing.
Then you *should* use protostack=mast. You should also add overlapip=yes
to your l2tp conn. And enable ipsec saref = yes in xl2tpd.conf.
Have a look at ng-patch/ or patches/ on the kernel patches we provided
in the past. You should no longer need the iproute2 patches.
Paul
More information about the Users
mailing list