[Openswan Users] xl2tpd not responding - why?

Paul Wouters paul at xelerance.com
Tue Sep 7 19:04:02 EDT 2010

On Tue, 7 Sep 2010, Troy Telford wrote:

>>> Not sure if it will make a difference, but I have an "ipsec saref =
>>> yes" in my xl2tpd.conf file.  That helps xl2tpd to work with NATted
>>> IPsec clients if I remember correctly.
>> You MUST use an saref patched kernel if setting that option, or else
>> all your packets will fail.
> If I read the documentation correctly, ipsec saref only works if you're
> using Openswan KLIPS.  I've been using NETKEY.

That's right, you need to use klips with protostack=mast.

> Part of me is wondering how much pain I'm inflicting on myself by using
> NETKEY... but I'm seeing the "IPsec SA established transport mode"
> message, so I'm thinking that the IPsec portion is working properly...

Yes, that part is working. Be sure you are on 2.6.x and not 2.4.x though.

> Would switching from NETKEY to KLIPS have any real effect on the
> problems I've been seeing?

No, it should still work fine with netkey too. Except debugging is slightly
easier because you can tcpdump the ipsecX interface.
