[Openswan Users] OpenSwan + xl2tpd not working

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Aug 5 16:59:11 EDT 2010

You shouldn't forward port 1701 on the NAT device or it will allow L2TP to work without being inside an IPsec tunnel.  Instead the traffic should be decoded on the Openswan box (sounds like your tunnel is fine) and just go to the localhost.

This document may help you as well:


-----Original Message-----
From: Ghostryder at gmx.de
Sent: Thursday, August 5, 2010 3:09am
To: users at openswan.org
Subject: [Openswan Users] OpenSwan + xl2tpd not working

Hi all,

I'm trying to set up a VPN server using OpenSwan. For the configuration process I've used 


The server is running an Ubuntu system with Kernel 2.6.32. I've used xl2tpd again as described in the link above. It is worth mentioning that the VPN server is behind a NAT device (DSL router).

I've tried to connect from a Windows XP client and it seems that IPsec is running fine, as I'm getting the message "STATE_QUICK_R2: IPsec SA established transport mode". However, xl2tpd is just doing nothing. I've started the service using "xl2tpd -D" and it tells me that it's listening on which is the IP address of the VPN server behind NAT, so all fine. But even if the XP client tries "officially" to connect, nothing happens... I've tried various things but I have no clue why there is no traffic... On the firewall of the NAT device the ports 500, 4500 and 1701 are forwarded to 

Has anyone got an idea what could be the problem?

Thanks in advance!
Regards, hg 

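The advice in the reply above (keep UDP 1701 reachable only inside IPsec), as an added example that is not part of the original thread or of Openswan: a small audit over `iptables-save` output that flags rules forwarding or accepting L2TP without an IPsec policy match. It assumes the gateway and the Openswan box are Linux hosts filtering with iptables; the rulesets, the interface name `ppp0` and the address `192.0.2.10` are constructed.

```python
import shlex

# Constructed iptables-save excerpts (not from the thread); 192.0.2.10 is a placeholder.
WEAK = """\
*nat
-A PREROUTING -i ppp0 -p udp -m udp --dport 1701 -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
-A INPUT -p udp -m multiport --dports 500,4500,1701 -j ACCEPT
COMMIT
"""
HARDENED = """\
*nat
-A PREROUTING -i ppp0 -p udp -m multiport --dports 500,4500 -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
COMMIT
"""

def covers_l2tp(tok):
    """True if the rule matches UDP with a destination port (list/range) containing 1701."""
    if "-p" not in tok or tok[tok.index("-p") + 1] != "udp":
        return False
    for flag in ("--dport", "--dports"):
        if flag in tok:
            for part in tok[tok.index(flag) + 1].split(","):
                lo, sep, hi = part.partition(":")
                hi = hi if sep else lo          # single port: range of one
                if int(lo or 0) <= 1701 <= int(hi or 65535):
                    return True
    return False

def ipsec_only(tok):
    """True if the rule carries the policy match restricting it to IPsec-decapsulated traffic."""
    return "policy" in tok and "--pol" in tok and tok[tok.index("--pol") + 1] == "ipsec"

def audit(ruleset):
    """Return (table, rule) pairs that expose L2TP outside IPsec. Only explicit port rules are checked."""
    findings, table = [], None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if covers_l2tp(tok) and ((table == "nat" and target in ("DNAT", "REDIRECT"))
                    or (table == "filter" and target == "ACCEPT" and not ipsec_only(tok))):
                findings.append((table, line))
    return findings
```

Calling `audit()` on the saved ruleset of each box returns an empty list when 1701 is neither port-forwarded nor accepted in the clear.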