[Openswan Users] Setting leftsubnet stops xl2tpd from working
George Pollard
george at greenbutton.co.nz
Mon Aug 9 22:32:18 EDT 2010
On 10 August 2010 13:29, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> Randy Wyatt wrote:
>>
>> What is the reason you want the leftsubnet? It works just fine without
>> it.
>
> Ah, that's right. L2TP handles the subnet in this case -- not Openswan.
> I do have
> rightsubnet=vhost:%priv,%no
> in one of my configurations though.
Ah ok, I was under the impression that you needed to specify
leftsubnet for packets to be forwarded to/from the subnet.
The fact that specifying it breaks xl2tpd was a bit of a red herring :)

So here's my setup:

My vpn server is not included in the subnet I was trying to specify as
leftsubnet (192.168.100.0/24). With xl2tpd I have specified a range of
IP addresses for clients in this subnet, and given the server 'local
ip' in the subnet (.127).

Now, when I connect with my client I can ping the 'local ip' address
(.127) that I specified, but I can't ping anything else on that
subnet. The packets are arriving on the vpn server (by watching
tcpdump -i ppp0). The subnet in turn can see the server with the .127
address, but cannot see me (at .128).
> George,
> If you cannot access anything in the subnet once connected, maybe make sure
> that your firewalls are allowing forwarding, such as:
> -A FORWARD -i ppp+ -j ACCEPT
At the moment I have disabled all firewall rules and have the default
-P FORWARD ACCEPT...
Regards,
- George