[Openswan Users] OpenSWAN + xl2tpd failing tunnel transmission
Paul Wouters
paul at xelerance.com
Mon Apr 18 16:38:43 EDT 2011
On Mon, 18 Apr 2011, Jim Lake wrote:
> As far as I can tell, my IPSec is coming up fine. The xl2tpd, though, can't seem to get a tunnel up and going. I have no idea what's wrong.
> # basic configuration
> config setup
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You should exclude the range used by your NATed server here (10.170.91.0/24 ?)
> conn L2TP
> authby=secret
> auto=add
> pfs=no
> type=transport
> rekey=no
>
> left=10.170.91.102
> leftid=50.18.124.10
> leftnexthop=%defaultroute
> leftprotoport=17/1701
>
> right=%any
> rightsubnet=vhost:%priv,%no,%all
> rightprotoport=17/0
> forceencaps=yes
I hope you don't have actual blank lines there? That would mess things up.
Use rightprotoport=17/%any
> ----
> xl2tpd.conf
> ----
> [global]
> ipsec saref = no
> debug tunnel = yes
> debug avp = yes
> debug network = yes
> debug state = yes
Explicitly specify the listen-addr address in [global] in xl2tpd.conf? I
think you want:
listen-addr = 10.170.91.102
> [lns default]
> ip range = 172.16.1.100-172.16.1.200
> local ip = 172.16.1.1
These should then also be excluded from virtual_private=
> mtu 1410
> mru 1410
Note most clients use an mtu/mru of 1200 for L2TP.
Paul
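
Added example, not part of the reply above or of the Openswan project: a small Python check for the three ipsec.conf issues the reply raises (blank lines inside a conn section, rightprotoport=17/0, and server-side addresses still covered by virtual_private=). The sample config is a constructed excerpt of the quoted one, the function names are hypothetical, and the /24 masks in the corrected version are assumptions.

```python
import ipaddress

def parse_virtual_private(value):
    """Return (allowed, excluded) networks from a virtual_private= value."""
    allowed, excluded = [], []
    for item in value.split(","):
        kind, _, net = item.strip().partition(":")
        if kind == "%v4":  # "%v4:!net" is an exclusion
            target = excluded if net.startswith("!") else allowed
            target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def lint(conf, server_addrs):
    """Check ipsec.conf text for the three issues raised in the reply."""
    findings, lines = [], conf.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Blank line followed by an indented parameter: blank line inside a section.
        if not line and nxt[:1] in (" ", "\t") and nxt.strip():
            findings.append(("blank-line", i + 1))
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "rightprotoport" and value == "17/0":
            findings.append(("protoport", i + 1))
        if key == "virtual_private":
            allowed, excluded = parse_virtual_private(value)
            for addr in map(ipaddress.ip_address, server_addrs):
                if any(addr in n for n in allowed) and not any(addr in n for n in excluded):
                    findings.append(("virtual_private", str(addr)))
    return findings

# Constructed inputs: the server address and L2TP "local ip" from the thread.
SERVER_ADDRS = ["10.170.91.102", "172.16.1.1"]
# Constructed excerpt of the quoted ipsec.conf, indentation assumed.
ORIGINAL = """config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn L2TP
    left=10.170.91.102

    right=%any
    rightprotoport=17/0
"""
# Same excerpt with the reply's suggestions applied; the /24 masks are assumptions.
FIXED = ORIGINAL.replace("16\n", "16,%v4:!10.170.91.0/24,%v4:!172.16.1.0/24\n")
FIXED = FIXED.replace("102\n\n", "102\n").replace("17/0", "17/%any")

if __name__ == "__main__":
    print(lint(ORIGINAL, SERVER_ADDRS))
    print(lint(FIXED, SERVER_ADDRS))
```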