[Openswan Users] xl2tpd not responding - why?
paul at xelerance.com
Tue Sep 7 19:04:02 EDT 2010
On Tue, 7 Sep 2010, Troy Telford wrote:
>>> Not sure if it will make a difference, but I have an "ipsec saref =
>>> yes" in my xl2tpd.conf file. That helps xl2tpd to work with NATted
>>> IPsec clients if I remember correctly.
>> You MUST use an saref patched kernel if setting that option, or else
>> all your packets will fail.
> If I read the documentation correctly, ipsec saref only works if you're
> using Openswan KLIPS. I've been using NETKEY.
That's right, you need to use klips with protostack=mast
> Part of me is wondering how much pain I'm inflicting on myself by using
> NETKEY... but I'm seeing the "IPsec SA established transport mode"
> message, so I'm thinking that the IPsec portion is working properly...
Yes, that part is working. Be sure you are on 2.6.x and not 2.4.x though.
> Would switching from NETKEY to KLIPS have any real effect on the
> problems I've been seeing?
No, it should still work fine with netkey too. Except debugging is slightly
easier because you can tcpdump the ipsecX interface.
More information about the Users