[Openswan Users] Openswan finally refuses connection during or after phase 2

thomas4437 at gmx.de thomas4437 at gmx.de
Sat Oct 29 15:21:47 EDT 2011

> If you assigned some new "private IP" with L2TP, you need to make sure
> that that IP can talk to the world, you possibly have to NAT it on the way out.

Hi Paul,

thanks for looking into this as well!

I might be better off searching for specific l2tpns support now but I think this topic is pretty much generic. Which makes this as off-topic as any l2tpns issue.

Since I'm pretty much new to all of this, I'm easily confused and scared by all of these daemons. I thought their configurations would take care of the appropriate routing by themselves - can't tell how often I typed gateway and subnet addresses ... Am I wrong on that, and do you always have to provide the extra routing/bridging/forwarding yourself?

tcpdumpin' tun0 I can see the packets arriving from my remote iPod which is in the same private subnet as everything else in this setup so NAT should not be necessary if I'm right on anything.
tcpdump on eth1 and on the machine hosting the virtual VPN server outputs nothing. So the packets are dropped somewhere inside the VPN server.

iPod and server can ping (and possibly do much more to) each other via the IPsec transport channel though. Trying to ping my iPod from another host on the subnet does not work so the broken connection beyond tun0 is both ways.

I tried setting up a static route and also creating an iptables rule but didn't succeed on that. I'm sure there's not much missing to bridge these two interfaces...

I gave xl2tpd a quick and unsuccessful try, too.

Anyone with a suggestion?

Thanks and cheers,