Worth a shot :) rightsubnetwithin line is gone. ipsec restarted. no difference. same tcpdump info as before, same l2tpd debug info as before, same ipsec info as before.
Here's my routing table:

Kernel IP routing table
Destination     Gateway           Genmask         Flags Metric Ref    Use Iface
localnet        *                 255.255.255.192 U     0      0        0 eth0
localnet        *                 255.255.255.192 U     0      0        0 ipsec0
loopback        *                 255.0.0.0       U     0      0        0 lo
default         real-router-here  0.0.0.0         UG    1      0        0 eth0

Arya

On Thursday 01 July 2004 20:02, Jacco de Leeuw wrote:
> Arya wrote:
> > There is no NAT between the VPN server and the VPN client.
>
> Then you need to remove the rightsubnetwithin line. (Perhaps this is
> ruining your routing?).
>
> > With regard to 'rightsubnetwithin=0.0.0.0/0' being insecure, we want the
> > entire world to be able to access the VPN server.
>
> You misunderstand this parameter. right=%any already does this for you.
>
> > password to a radius. If we use rightsubnet=vhost:%no,%priv instead,
> > would the box be open to the world?
>
> rightsubnet=vhost:%no,%priv is only needed when (some of the) clients
> are NATed.
>
> > Current kernel 2.4.22 (distro is slackware 9.1)
>
> Never tested with Slackware myself, so YMMV.
>
> > Thanks a lot for your help (and well done on the freeswan/l2tpd
> > documentation. I wouldn't be this far without it :))
>
> No problem!
>
> Jacco
