On Thu, 18 Sep 2014, Enrico Brunetta wrote:
I suspect it’s a routing/firewall issue, but I’m stuck trying to figure it out.
As I stated originally, I had configured the VPN gateway on AWS to use
pre-shared key like this:
my machine’s IP is 172.31.48.104
I wanted the l2tp to use 172.31.48.129 for the local IP and an IP range pool of
172.31.48.130-172.31.48.254
I would really recommend keeping the native IP and the L2TP IP pool
different or else all the machines involved are going to have a really
hard time figuring out when to arp or when to use IPsec.
conn vpnpsk
connaddrfamily=ipv4
auto=add
left=172.31.48.104
leftid=54.84.104.104
leftsubnet=172.31.48.104/32
leftnexthop=%defaultroute
leftprotoport=17/1701
rightprotoport=17/%any
right=%any
rightsubnetwithin=0.0.0.0/0
Don't use rightsubnetwithin or leftsubnet if this is L2TP because L2TP
at the IPsec layer is a host-to-host protocol. Within that layer you
will get assigned a new IP address via xl2tpd/pppd.
I think now that l2tp is out of the question, I might have to change my fw
rules?
It seems you're still configured for L2TP. I really recommend using
XAUTH instead, see:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
We are working in extending this to IKEv2, which means Windows will also
be able to use this type of configuration. L2TP is really dead
technology.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan