[Openswan Users] ipsec/l2tp routing issues

Jeroen Beerstra jb at scorpion77.cjb.net
Fri Dec 24 15:33:18 EST 2010

I'm sure I'm just doing something wrong or misread some instruction...

Here's the situation:


Home: cable connection, dhcp but very long leases
Work: fiber, similar

Home: CentOS 5.5 with supplied openswan and xl2tp
Work: Draytek 2130N broadband router (linux based)

Network: CentOS->cable router->Draytek

The cable router doesn't have bridge mode, but is configured to
passthrough everything to the CentOS box without any filtering.

So basically it's: internal ip->NAT->inet ip->inet ip

Took some time to figure out a working setup for the IPSec phase. In the
end left=%defaultroute leftsubnet=<my cable ip>/32 worked. Took a huge
amount of time to figure out why phase2 wasn't working for me.

In the end "ip xfrm policy" showed me it was a routing problem: somehow
openswan decided to take my inet ip and not my interface ip as a trigger
for encryption. Simply inserting similar rules for the internal ip got
things working in the end.

Would be nice if I didn't have to resort to bash magic to fix things
though. Second, the connection is very slow, about 1Mbit max. Neither
CentOS nor Draytek seem overstressed and both inet connections can carry a
lot more (60/6 cable, 45/45 fiber). Should I blame the crappy cable
company supplied router or am I still not there yet?


Jeroen Beerstra
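The diagnosis above (an outbound xfrm policy exists for the public address but not for the NATed interface address) can be checked without reading the policy dump by hand. The script below is an added example, not part of the original post or of Openswan; the function name, the sample policy text and the 203.0.113.x/198.51.100.x/192.168.1.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Given text in the format of
# "ip xfrm policy" and an address, count the outbound ("dir out") policies
# whose selector source is that address/32. On a live box you would feed it
# "$(ip xfrm policy)" and the address from "ip -4 addr show <iface>".

# Constructed sample resembling "ip xfrm policy" output on a NATed host:
# only the public address 203.0.113.10 has an "out" policy, the interface
# address 192.168.1.10 has none, so traffic sourced from it never matches
# an encryption trigger (the symptom described in the post).
POLICY_SAMPLE='src 203.0.113.10/32 dst 198.51.100.5/32
	dir out priority 2344
	tmpl src 203.0.113.10 dst 198.51.100.5
		proto esp reqid 16385 mode tunnel
src 198.51.100.5/32 dst 203.0.113.10/32
	dir in priority 2344
	tmpl src 198.51.100.5 dst 203.0.113.10
		proto esp reqid 16385 mode tunnel
src 198.51.100.5/32 dst 203.0.113.10/32
	dir fwd priority 2344
	tmpl src 198.51.100.5 dst 203.0.113.10
		proto esp reqid 16385 mode tunnel'

# xfrm_out_policies_for POLICY_TEXT ADDRESS (hypothetical helper name)
# Prints the number of "dir out" policies selecting src ADDRESS/32 and
# returns 0 when at least one exists, 1 otherwise.
xfrm_out_policies_for() {
    printf '%s\n' "$1" | awk -v want="$2/32" '
        # Each policy starts with a "src X dst Y" line; remember X.
        $1 == "src" { src = $2 }
        # The following "dir ..." line tells us the direction.
        $1 == "dir" && $2 == "out" && src == want { n++ }
        END { print n + 0; exit (n > 0) ? 0 : 1 }'
}

# Demonstration on the constructed sample: the public address is covered,
# the interface address is not.
xfrm_out_policies_for "$POLICY_SAMPLE" 203.0.113.10 >/dev/null \
    && echo "203.0.113.10: outbound policy present"
xfrm_out_policies_for "$POLICY_SAMPLE" 192.168.1.10 >/dev/null \
    || echo "192.168.1.10: no outbound policy, traffic from it stays in the clear"
```

A zero count for the interface address is exactly the condition that needed the extra policies in the post; after adding them, rerun the check against the real "ip xfrm policy" output.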
