[Openswan Users] RES: RES: Openswan with L2TP

Paul Wouters paul at xelerance.com
Wed Sep 23 16:23:17 EDT 2009

On Wed, 23 Sep 2009, Giovani Moda wrote:

>>> What about mast?
>> Don't use that unless you are attempting to use the IPsec SAref
> tracking
>> kernel patch.
> That's the idea! I'd like to set this up in my lab to do some testing.

Then you *should* use protostack=mast. You should also add overlapip=yes
to your l2tp conn. And enable ipsec saref = yes in xl2tpd.conf.

Have a look at ng-patch/ or patches/ on the kernel patches we provided
in the past. You should no longer need the iproute2 patches.


More information about the Users mailing list