[Openswan Users] openswan 2.6.35rc1 and xl2tpd-1.3.0rc1 pre-releases - please test

Curu Wong prinbra at gmail.com
Thu Jul 28 11:08:30 EDT 2011


Maybe this has nothing to do with xl2tpd.

I know that l2tp/ipsec will use transport mode. However, I managed to run
the server in tunnel mode and let a Linux client (using openswan + xl2tpd)
connect to the server; it works.

Then, when I change from tunnel mode to transport, the connection failed (the
ipsec tunnel is still up, but it never goes to l2tp).

Again, I ran tcpdump on the mast0 interface and found that, in transport mode,
the destination address of packets from the client has been changed to the
internal address of the server. Thus I think that even if this packet can go to
l2tpd, it will never go back to the client, because the client never knows the
server's internal address.

On clientA:
ping GW (S.111.111.111)
========================================================================
22:53:28.841232 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id
53249, seq 1, length 64
22:53:29.838744 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id
53249, seq 2, length 64
22:53:30.840031 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id
53249, seq 3, length 64
22:53:31.843266 IP 192.168.9.106 > 192.168.11.19: ICMP echo request, id
53249, seq 4, length 64
========================================================================

By the way, I added this line to my previous config to make it work in tunnel
mode:
=============================
leftsubnet=S.111.111.111/32 #public IP of the gw
=============================

and added the public IP as an alias interface:

ip addr add S.111.111.111/32 dev eth0 label eth0:0

I don't know why, in transport mode, the dst IP changed to the l2tp/ipsec GW's
internal IP; the tcpdump when using tunnel mode shows the public
IP (S.111.111.111) and that works fine.




2011/7/28 Paul Wouters <paul at xelerance.com>

> On Thu, 28 Jul 2011, Curu Wong wrote:
>
>> Now I am testing ipsec/l2tp with the server itself behind NAT. Here's the
>> new network topology:
>>
>> clientA(192.168.9.106)----->clientGWA(A.111.111.111)-------->Server
>> GW(S.111.111.111)------>l2tp/ipsec GW(192.168.11.19)
>>
>
>
>> But there's nothing happening in xl2tpd. The log just stops at this line:
>> ======================================================
>> Jul 28 14:38:13 tvpn xl2tpd[1660]: Listening on IP address 0.0.0.0, port
>> 1701
>>
>
> Specify the real IP address in listen-addr, do not let it default to ANY.
>
> Paul
>
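A simplified model of the two ESP modes crossing the NAT hop in the topology above, added here as an illustration and not part of the thread. It assumes the Server GW simply port-forwards (DNAT) the IPsec traffic to the l2tp/ipsec GW, rewriting only the outer destination address; the addresses are the ones quoted in the post (S.111.111.111 is the redacted public IP).

```python
"""Why tunnel mode survives the NAT hop while transport mode does not (model).

Assumption: the Server GW does plain destination NAT towards the l2tp/ipsec GW.
Only tunnel mode carries a second (inner) IP header, which is inside the ESP
payload and therefore untouched by the NAT; transport mode has only the outer
header, so the rewritten destination is what the l2tp/ipsec GW ends up seeing.
"""
from dataclasses import dataclass
from typing import Optional

CLIENT_A = "192.168.9.106"    # clientA, from the tcpdump in the post
SERVER_GW = "S.111.111.111"   # public IP of the Server GW (redacted in the post)
L2TP_GW = "192.168.11.19"     # internal IP of the l2tp/ipsec GW behind Server GW


@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # present only for tunnel-mode ESP


def encapsulate(mode: str, src: str, dst: str) -> Packet:
    """Client side: tunnel mode wraps a full inner IP header, transport does not."""
    if mode == "tunnel":
        return Packet(src, dst, inner=Packet(src, dst))
    if mode == "transport":
        return Packet(src, dst)
    raise ValueError(f"unknown mode {mode!r}")


def server_gw_dnat(pkt: Packet) -> Packet:
    """Server GW forwards to the l2tp/ipsec GW: only the outer header is rewritten."""
    if pkt.dst == SERVER_GW:
        return Packet(pkt.src, L2TP_GW, pkt.inner)
    return pkt


def decapsulate(pkt: Packet) -> Packet:
    """What the l2tp/ipsec GW sees after ESP processing (e.g. on mast0)."""
    return pkt.inner if pkt.inner is not None else Packet(pkt.src, pkt.dst)


def dst_seen_on_mast0(mode: str) -> str:
    """Destination address of a clientA -> GW packet after NAT and decapsulation."""
    return decapsulate(server_gw_dnat(encapsulate(mode, CLIENT_A, SERVER_GW))).dst


if __name__ == "__main__":
    for mode in ("tunnel", "transport"):
        print(f"{mode:9s} IP {CLIENT_A} > {dst_seen_on_mast0(mode)}")
```

In the model the tunnel-mode packet keeps S.111.111.111 as its destination, which is why it must be routed with leftsubnet=S.111.111.111/32 and an eth0:0 alias holding that address, while the transport-mode packet arrives addressed to 192.168.11.19 exactly as the quoted tcpdump shows.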