[Openswan Users] xl2tpd not responding - why?

Willie Gillespie wgillespie+openswan at es2eng.com
Tue Sep 7 18:44:30 EDT 2010


Troy Telford wrote:
> On 2010-09-07 14:53:45 -0600, Paul Wouters said:
> 
>> On Tue, 7 Sep 2010, Willie Gillespie wrote:
>>
>>> Not sure if it will make a difference, but I have an "ipsec saref = 
>>> yes" in my xl2tpd.conf file.  That helps xl2tpd to work with NATted 
>>> IPsec clients if I remember correctly.
>> You MUST use an saref patched kernel if setting that option, or else 
>> all your packets will fail.
> 
> If I read the documentation correctly, ipsec saref only works if you're 
> using Openswan KLIPS.  I've been using NETKEY.
> 
> Part of me is wondering how much pain I'm inflicting on myself by using 
> NETKEY... but I'm seeing the  "IPsec SA established transport mode" 
> message, so I'm thinking that the IPsec portion is working properly...
> 
> Would switching from NETKEY to KLIPS have any real effect on the 
> problems I've been seeing?

I use NETKEY and also that "ipsec saref" line in xl2tpd and have no 
problems with it.  I'm just using the default kernel with Ubuntu 10.04.1 
LTS -- so I'm not sure if they have compiled in the patch or not.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6456 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20100907/c93b0a77/attachment.bin 


More information about the Users mailing list