From everything we have seen, it looks clear that the l2tp traffic that
l2tpd sends does not go through the tunnel. As you use KLIPS, you
require that routing is properly set. You should find the l2tpd reply on
your LAN unprotected; if this is the case, then you have your problem.

On Thu, Jul 01, 2004 at 08:06:11PM +1000, Arya Abdian wrote:
> Also, added rightsubnet=vhost:%no,%priv (because there is always the 
> possibility of some of the clients being NATed) 
> 
> Slackware is basically just plain vanilla linux with packages. The base linux 
> kernel works fine with a slackware distribution.
> 
> Arya
> 
> On Thursday 01 July 2004 20:02, Jacco de Leeuw wrote:
> > Arya wrote:
> > > There is no NAT between the VPN server and the VPN client.
> >
> > Then you need to remove the rightsubnetwithin line. (Perhaps this is
> > ruining your routing?).
> >
> > > With regard to 'rightsubnetwithin=0.0.0.0/0' being insecure, we want the
> > > entire world to be able to access the VPN server.
> >
> > You misunderstand this parameter. right=%any already does this for you.
> >
> > > password to a radius. If we use rightsubnet=vhost:%no,%priv instead,
> > > would the box be open to the world?
> >
> > rightsubnet=vhost:%no,%priv is only needed when (some of the) clients
> > are NATed.
> >
> > > Current kernel 2.4.22 (distro is slackware 9.1)
> >
> > Never tested with Slackware myself, so YMMV.
> >
> > > Thanks a lot for your help (and well done on the freeswan/l2tpd
> > > documentation. I wouldn't be this far without it :))
> >
> > No problem!
> >
> > Jacco

-- 
--

-> Jean-Francois Dive
--> [EMAIL PROTECTED]

  I think that God in creating Man somewhat overestimated his ability.
    -- Oscar Wilde
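
The check suggested at the top of this message, as an added example that is not part of the original email or of any project's code: it classifies lines in the style of `tcpdump -n` output taken on the server's physical interface and flags L2TP (UDP 1701) packets that leave without ESP. The addresses, the sample lines and the function name `diagnose` are constructed for illustration.

```python
import re

L2TP_PORT = "1701"  # UDP port used by l2tpd

# Constructed sample in the style of `tcpdump -n -i eth0` output (abbreviated).
# With KLIPS, capture on the physical interface: ipsec0 always shows plaintext.
# Assumed addresses: 198.51.100.7 is the VPN server, 192.0.2.10 is the client.
SAMPLE = """\
20:06:11.100001 IP 192.0.2.10 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x1), length 132
20:06:11.100950 IP 198.51.100.7.1701 > 192.0.2.10.1701: l2tp:[TLS](0/0)Ns=0,Nr=1
20:06:12.101500 IP 192.0.2.10 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x2), length 132
20:06:12.102210 IP 198.51.100.7.1701 > 192.0.2.10.1701: l2tp:[TLS](0/0)Ns=1,Nr=1
"""

# Matches "IP src[.sport] > dst[.dport]: rest"; ESP lines carry no port.
PKT = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)


def diagnose(capture, server_ip):
    """Count ESP and cleartext L2TP packets to and from server_ip."""
    counts = {"esp_in": 0, "esp_out": 0, "clear_l2tp_in": 0, "clear_l2tp_out": 0}
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m or server_ip not in (m["src"], m["dst"]):
            continue  # unparsable line or unrelated host
        direction = "out" if m["src"] == server_ip else "in"
        if "ESP(" in m["rest"]:
            counts["esp_" + direction] += 1
        elif L2TP_PORT in (m["sport"], m["dport"]):
            # UDP 1701 visible on the wire means it was not encapsulated.
            counts["clear_l2tp_" + direction] += 1
    # The symptom described above: the l2tpd reply leaves the server unprotected.
    counts["reply_bypasses_tunnel"] = counts["clear_l2tp_out"] > 0
    return counts


if __name__ == "__main__":
    print(diagnose(SAMPLE, "198.51.100.7"))
```

ESP arriving while UDP 1701 leaves in the clear points at routing on the server rather than at the client.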
