You could use openl2tp instead of xl2tpd. I've used this on debian for
months with openswan and it works well. Multiple L2TP/IPsec clients
behind NAT works. Openl2tp's config files are different to xl2tpd -
openl2tp comes with its own cli with command completion etc.
-paul
Adrian F. Dimcev
Wow Lots of good responses in a hurry.
Thank you.
First, I have many systems and when somebody attacks, I want to close the
network off to that IP, not just a single machine. That implies that I can
not use IPTABLES directly. Though I did give thought to adding that type of
rule to all
My OSS app is trying to discover a Vyatta NE and is being tripped-up by the
lack of a sysServices OID (.1.3.6.1.2.1.1.7.0) in the mib.
Why does vyatta lack this OID while all other commercial NEs have this
included in their system mib?
As a work-around I've tried using snmpset to set the
Yes, it's not in the SNMP configuration file, but it's easy to fix.
As root, add to /etc/snmp/snmpd.conf:
sysServices 4
which shows that up to and including the internet layer is supported.
Then run
/opt/vyatta/sbin/snmpd.init restart
These are the commands for Glendale, but it'll either be
I'm not sure that is the correct sysServices value. I've always used
snmpconf to calculate the sysServices value.
I believe a better value is 76
1 = physical (e.g. repeater)
2 = datalink/subnetwork (e.g. bridges)
3 = internet (e.g., supports IP)
4 = end-to-end (e.g., supports TCP)
7 =