[Openswan Users] Setting leftsubnet stops xl2tpd from working

George Pollard george at greenbutton.co.nz
Mon Aug 9 22:32:18 EDT 2010

On 10 August 2010 13:29, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> Randy Wyatt wrote:
>> What is the reason you want the leftsubnet?  It works just fine without
>> it.
> Ah, that's right.  L2TP handles the subnet in this case -- not Openswan.
> I do have
>  rightsubnet=vhost:%priv,%no
> in one of my configurations though.

Ah ok, I was under the impression that you needed to specify
leftsubnet for packets to be forwarded to/from the subnet.

The fact that specifying it breaks x2ltpd was a bit of a red herring :)

So here's my setup:

My vpn server is not included in the subnet I was trying to specify as
leftsubnet ( With xl2tpd I have specified a range of
IP addresses for clients in this subnet, and given the server 'local
ip' in the subnet (.127).

Now, when I connect with my client I can ping the 'local ip' address
(.127) that I specified, but I can't ping anything else on that
subnet. The packets are arriving on the vpn server (by watching
tcpdump -i ppp0). The subnet in turn can see the server with the .127
address, but cannot see me (at .128).

> George,
> If you cannot access anything in the subnet once connected, maybe make sure
> that your firewalls are allowing forwarding, such as:
> -A FORWARD -i ppp+ -j ACCEPT

At the moment I have disabled all firewall rules and have the default

- George

More information about the Users mailing list