On Thu, 18 Sep 2014, Enrico Brunetta wrote:

I suspect it’s a routing/firewall issue, but I’m stuck trying to figure it out.

As I stated originally, I had configured the VPN gateway on AWS to use 
pre-shared key like this:

my machine’s IP is 172.31.48.104

I wanted the l2tp to use 172.31.48.129 for the local IP and an IP range pool of 
172.31.48.130-172.31.48.254

I would really recommend keeping the native IP and the L2TP IP pool
different or else all the machines involved are going to have a really
hard time figuring out when to arp or when to use IPsec.

conn vpnpsk
 connaddrfamily=ipv4
 auto=add
 left=172.31.48.104
 leftid=54.84.104.104
 leftsubnet=172.31.48.104/32
 leftnexthop=%defaultroute
 leftprotoport=17/1701
 rightprotoport=17/%any
 right=%any
 rightsubnetwithin=0.0.0.0/0

Don't use rightsubnetwithin or leftsubnet if this is L2TP because L2TP
at the IPsec layer is a host-to-host protocol. Within that layer you
will get assigned a new IP address via xl2tpd/pppd.

I think now that l2tp is out of the question, I might have to change my fw 
rules?

It seems you're still configured for L2TP. I really recommend using
XAUTH instead, see:

https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH

We are working in extending this to IKEv2, which means Windows will also
be able to use this type of configuration. L2TP is really dead
technology.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to