[Openswan Users] xl2tpd not responding - why?
Willie Gillespie
wgillespie+openswan at es2eng.com
Tue Sep 7 18:44:30 EDT 2010
Troy Telford wrote:
> On 2010-09-07 14:53:45 -0600, Paul Wouters said:
>
>> On Tue, 7 Sep 2010, Willie Gillespie wrote:
>>
>>> Not sure if it will make a difference, but I have an "ipsec saref =
>>> yes" in my xl2tpd.conf file. That helps xl2tpd to work with NATted
>>> IPsec clients if I remember correctly.
>> You MUST use an saref patched kernel if setting that option, or else
>> all your packets will fail.
>
> If I read the documentation correctly, ipsec saref only works if you're
> using Openswan KLIPS. I've been using NETKEY.
>
> Part of me is wondering how much pain I'm inflicting on myself by using
> NETKEY... but I'm seeing the "IPsec SA established transport mode"
> message, so I'm thinking that the IPsec portion is working properly...
>
> Would switching from NETKEY to KLIPS have any real effect on the
> problems I've been seeing?
I use NETKEY and also that "ipsec saref" line in xl2tpd and have no
problems with it. I'm just using the default kernel with Ubuntu 10.04.1
LTS -- so I'm not sure if they have compiled in the patch or not.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6456 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20100907/c93b0a77/attachment.bin
More information about the Users
mailing list