[Openswan Users] L2TP problem with OpenSWAN 2.6.x after changing default route

Nels Lindquist nlindq at maei.ca
Tue Jul 12 17:32:08 EDT 2011


Hi, all.

I'm using OpenSWAN (NETKEY) on a gateway with multiple external
interfaces, and OpenSWAN is configured to use one of them.  For
operational reasons we sometimes switch the default route from the
primary interface (used for IPSEC) to the secondary interface.  When
using OpenSWAN 2.4.x, there are no issues; all tunnels continue to
operate normally and any new connections, L2TP or otherwise, are
initiated and function normally.

I tried upgrading to 2.6.x (most recently tried 2.6.33 and 2.6.34),
which generally works the same way *except* that for any new L2TP
connections attempted while the default route is not the interface used
for IPSEC, the L2TP tunnel fails.  (The IPSEC transport mode connection
is still created properly.)  L2TP connections work perfectly well as
long as the default route is the same as "left".

I've tried overriding most of the magic values with specific values for
listen, left and leftnexthop, but that makes no difference.

I'm still using xl2tpd version 1.1.2 as the gateway in question is
CentOS 4 and the kernel isn't new enough to build the xl2tpd 1.2.x series.

I've attached excerpts from the pppd log showing the L2TP connection
success and failure modes.

Any suggestions or even explanations greatly appreciated!

Nels Lindquist
-------------- next part --------------
A non-text attachment was scrubbed...
Name: l2tp-fail.txt.gz
Type: application/x-gzip
Size: 633 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110712/78868681/attachment.gz 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: l2tp-success.txt.gz
Type: application/x-gzip
Size: 1640 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110712/78868681/attachment-0001.gz 

