[Openswan Users] ipsec/l2tp routing issues
Jeroen Beerstra
jb at scorpion77.cjb.net
Fri Dec 24 15:33:18 EST 2010
I'm sure I'm just doing something wrong or misread some instruction...

Here's the situation:

VPN: IPSec/L2TP PSK
Home: cable connection, dhcp but very long leases
Work: fiber, similar
Home: CentOS 5.5 with supplied openswan and xl2tp
Work: Draytek 2130N broadband router (linux based)
Network: CentOS->cable router->Draytek

The cable router doesn't have bridge mode, but is configured to
pass through everything to the CentOS box without any filtering.
So basically it's: internal ip->NAT->inet ip->inet ip

Took some time to figure out a working setup for the IPSec phase. In the
end left=%defaultroute leftsubnet=<my cable ip>/32 worked. Took a huge
amount of time to figure out why phase2 wasn't working for me.
In the end "ip xfrm policy" showed me it was a routing problem: somehow
openswan decided to take my inet ip and not my interface ip as a trigger
for encryption. Simply inserting similar rules for the internal ip got
things working in the end.

Would be nice if I didn't have to resort to bash magic to fix things
though. Second, the connection is very slow, about 1Mbit max. Neither
CentOS nor Draytek seem overstressed and both inet connections can carry a
lot more (60/6 cable, 45/45 fiber). Should I blame the crappy cable
company supplied router or am I still not there yet?

TIA,
Jeroen Beerstra
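
A check for the selector mismatch described in the post, as an added example that is not part of the original message: it parses `ip xfrm policy`-style output and reports which local source addresses no outbound policy covers. The sample output, the addresses (documentation and private ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of `ip xfrm policy` output; all addresses
# are placeholders, not values from the post.
SAMPLE = """\
src 203.0.113.10/32 dst 198.51.100.20/32 proto udp sport 1701 dport 1701
    dir out priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
src 198.51.100.20/32 dst 203.0.113.10/32 proto udp sport 1701 dport 1701
    dir in priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented "dir in|out|fwd"

def parse_policies(text):
    """Return one dict per policy with its selector networks and direction."""
    policies = []
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            policies.append({
                "src": ipaddress.ip_network(sel.group(1), strict=False),
                "dst": ipaddress.ip_network(sel.group(2), strict=False),
                "dir": None,
            })
            continue
        d = DIRECTION.match(line)
        if d and policies and policies[-1]["dir"] is None:
            policies[-1]["dir"] = d.group(1)
    return policies

def out_policy_for(policies, local_ip, peer_ip):
    """Find the outbound policy whose selector covers local_ip -> peer_ip."""
    local, peer = ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)
    for p in policies:
        if p["dir"] == "out" and local in p["src"] and peer in p["dst"]:
            return p
    return None

def uncovered_sources(policies, local_ips, peer_ip):
    """Local addresses whose traffic to the peer matches no outbound policy."""
    return [ip for ip in local_ips
            if out_policy_for(policies, ip, peer_ip) is None]
```

Feeding it the real output of `ip xfrm policy` together with the interface address and the public address shows at a glance whether traffic sourced from the interface address would bypass the IPsec policy.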