[Openswan Users] "cannot install eroute" occurs for Mac OSX users behind same NAT (v2.6.33)

Richard Schmidt huntingtonsurfca at gmail.com
Thu May 19 10:05:54 EDT 2011

On May 18, 2011, at 3:53 PM, Brian Mastenbrook wrote:

> On May 18, 2011, at 2:46 PM, Brian Mastenbrook wrote:
>> I'm using openswan 2.6.33 and xl2tpd 1.2.7 on Ubuntu Lucid (10.04 LTS) with kernel 2.6.32-31-server, and I don't seem to have this issue. I can connect multiple Snow Leopard and iOS 4.x clients from behind the same NAT. I'm using PSK for IPsec. Reconnection of clients is handled by dead peer detection (DPD).
> Correction: it's a patched xl2tpd 1.2.7 that should be equivalent to 1.2.8.

I'm using OpenSwan v.2.6.33 and xl2tpd v1.2.8 on Ubuntu 10.10 with 2.6.35-28-generic kernel. Both OpenSwan and Xl2tpd were built from source. Xelerence only links the latest release (v1.2.8).

The previous package I was using was from Ubuntu package manager 1.2.6+dfsg-1 which (I think) was upgraded when I did the `make install` after making the 1.2.8 source. I also tried a complete removal of the Ubuntu package and make install from 1.2.8 source but it didn't create any of the required folders or made an appropriate link in /etc/init.d/ from which to stop/start/restart things for testing. If you think that this could be my issue, I'd really appreciate a little help getting the 1.2.8 source to hook into Ubuntu cleanly other than my previous method of upgrading an existing package from source.

Other than that I'm using pretty much exactly the same configs you are (w dpd). The only difference is that I have a passthrough connection in addition to the l2tp-psk-nat/noNat connections, and options.xl2tpd has "noipx" in it. Niether of which will probably be the solution I'm looking for.

It's good to know that you have a working platform for this problem, though. I have high hopes that this issue can be resolved!

Richard Schmidt

More information about the Users mailing list