[Openswan Users] Problem in IPSEC L2TP connectivity

Paul Wouters paul at xelerance.com
Tue Sep 13 09:47:00 EDT 2011


On Tue, 13 Sep 2011, heta shah wrote:

> Thanks for the reply.
> But when I add leftsourceip=192.168.5.X, where X is my IP on the other interface of the server, the client cannot establish a VPN connection with the server. On the server side
> this error appears in the /var/log/auth.log file

> And I cannot add the leftsubnet tag. When I add leftsubnet, the client is not able to establish a connection.
> Is it an IPSEC version problem or some configuration problem?
> 
> ipsec --version
> Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)
> 
> xl2tpd --version
> 
> xl2tpd version:  xl2tpd-1.2.8

I did not realise you were using L2TP, sorry. You do not use a leftsourceip= for l2tp.

One-way communication within l2tp is usually caused by:

1) the L2TP server hands out a range that is not NATed and goes out to the internet, but
    replies cannot be received
2) the L2TP server is not the default gateway, and is not NATing, so replies never get back
    to it.
3) router or firewall is blocking the l2tp assigned range of addresses

Also check with "ipsec verify" if you see any issues.

Paul


> 
> On Mon, Sep 12, 2011 at 9:24 PM, Paul Wouters <paul at xelerance.com> wrote:
>       On Mon, 12 Sep 2011, heta shah wrote:
>
>             Please help me: am I making some error or not? I am facing this one-way communication. Is adding any route at the server side required
>             or not? My internal network is 192.168.5.0/24 and I want to apply remote network VPN client from this network. In this setup I
>             can communicate from client to server but I cannot communicate from server to client. But still the VPN connection is showing up.
> 
> 
> You should never attempt or need to add routes manually.
> 
> You might want to add on the server a leftsourceip=192.168.5.X (X is whatever IP your server has in that range)
> 
> Paul
> 
> 
> 
> 
> --
> Thanks and Regards.
> 
> Heta
> 
> 
> 
> 
> 
>
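
The causes listed in the reply above can be checked against the L2TP server's own configuration. The following is an added example, not part of the original thread and not Openswan or xl2tpd code: it reads the `ip range` line of xl2tpd.conf and `iptables-save` output, then reports whether the client pool lacks NAT or is dropped in FORWARD. The pool 10.99.0.10-10.99.0.50, the eth0 interface and both sample texts are constructed assumptions; only plain `-s` matches are interpreted (negated matches and rule order are not).

```python
import ipaddress
import re

# Constructed sample inputs (not from the thread); 192.168.5.0/24 is the poster's LAN.
SAMPLE_CONF = "[lns default]\nip range = 10.99.0.10-10.99.0.50\nlocal ip = 10.99.0.1\n"
SAMPLE_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.5.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.99.0.0/24 -j DROP
COMMIT
"""

def l2tp_pool(xl2tpd_conf):
    """Return the 'ip range' handed to L2TP clients as a list of networks."""
    m = re.search(r"^\s*ip range\s*=\s*([\d.]+)\s*-\s*([\d.]+)", xl2tpd_conf, re.M)
    if not m:
        raise ValueError("no 'ip range = first-last' line in xl2tpd.conf")
    first, last = (ipaddress.ip_address(g) for g in m.groups())
    return list(ipaddress.summarize_address_range(first, last))

def rules(iptables_save):
    """Yield (table, chain, source network or None, target) for each -A line."""
    table = None
    for line in iptables_save.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok[:1] == ["-A"] and "-j" in tok:
            src = tok[tok.index("-s") + 1] if "-s" in tok else None
            net = ipaddress.ip_network(src, strict=False) if src else None
            yield table, tok[1], net, tok[tok.index("-j") + 1]

def diagnose(xl2tpd_conf, iptables_save):
    """Map the server's own rules onto the causes listed in the reply."""
    pool, parsed, findings = l2tp_pool(xl2tpd_conf), list(rules(iptables_save)), []
    # Causes 1 and 2: no SNAT/MASQUERADE rule covers the whole client pool.
    if not any(t == "nat" and c == "POSTROUTING" and j in ("SNAT", "MASQUERADE")
               and (n is None or all(p.subnet_of(n) for p in pool))
               for t, c, n, j in parsed):
        findings.append("pool not NATed: replies need a route back via this server")
    # Cause 3 (local firewall only): an explicit -s rule drops pool addresses.
    if any(t == "filter" and c == "FORWARD" and j in ("DROP", "REJECT")
           and n is not None and any(n.overlaps(p) for p in pool)
           for t, c, n, j in parsed):
        findings.append("FORWARD drops the pool")
    return findings
```

On a real server the two inputs would come from /etc/xl2tpd/xl2tpd.conf and the output of `iptables-save`; an empty result only rules out the server itself, not an upstream router or firewall.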

