[Openswan Users] Routing with virtual network

Mike James mike.james at clutch.com
Tue Jan 21 15:49:50 EST 2014

I’m setting up an OpenSWAN endpoint for remote workers. Our office network is and some of our remote workers have the same network at home. I have xl2tpd configured to hand out addresses in the network. I don’t understand what routes need to be in place.

root@vpn:~# cat /etc/xl2tpd/xl2tpd.conf
   ipsec saref = yes
   listen-addr =

[lns default]
   ip range =
   local ip =
   refuse chap = yes
   refuse pap = yes
   require authentication = yes
   ppp debug = yes
   pppoptfile = /etc/ppp/options
   length bit = yes

The tunnel is up:
000 #8: "L2TP-PSK-NAT"[5] STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2954s; newest IPSEC; eroute owner; isakmp#7; idle; import:not set
000 #8: "L2TP-PSK-NAT"[5] esp.b20af93 at esp.d6803493 at ref=0 refhim=4294901761

My remote IP is in the correct range:
mikes-mbp:~ mike$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet --> netmask 0xffffff00

I can ping the “virtual” endpoint ( but nothing inside the network. I know it’s a routing problem – throwing in the “virtual” network is confusing to me. What routes do I need to add to the server?


Michael James
Sr. Network Engineer
267-419-6400, x204
mike.james at clutch.com
The Premiere loyalty, rewards, and gifting platform
for consumer-focused brands and retailers.
