[Openswan Users] openswan (klips): routing problems with Transport mode

[Majid Khonji]

Dear all,

MY goal is to run l2tp over IPsec, however, some packets from the xl2tpd
server are not appearing in ipsec0 interface (but corresponding esp are seen
in eth0).
I tried to simplify the expirement:

on the server I run: nc -l -u -p 9999
on a natted client i run: nc -u server_IP 9999

I tried these command on both tunnel & transport modes (some times I let the
client listen on port 9999). The problem is, when using transport mode,
ipsec0 is not showing everything, and therefore applications layer can't
exchange protocols consistently. Sometimes ping works but
this experiment shows inconsistency.

My network is like the following:

local server (10.0.0.xx) <====> NAT router (Public IP) <==> internet <====>
NAT router <===> Road warrior (mobile)

Many mobile clients use Transport mode, therefore I need this fixed up.

Please help me ASAP


Here is my ipsec.conf

version 2.0

config setup
        nat_traversal=yes
        virtual_private=%v4:
10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24
        oe=off
        protostack=klips

conn %default
        type=tunnel
        keyingtries=3
        overlapip=yes
        forceencaps=yes

        left=10.0.0.105
        leftid=majid.mooo.com
        leftsubnet=10.0.0.0/24
        leftnexthop=%defaultroute
        right=%any
        rightnexthop=%defaultroute
        rightsubnet=vhost:%no,%priv
        authby=secret
        pfs=no

        rekey=no

conn road
        auto=add


-- 
Regards,

Majid Khonji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100701/070ad7c9/attachment-0001.html