Hi Paul,

Thanks as always for your response, you must have an oil tanker's worth of karmic beer saved up...


well.  I can use netcat to send a text file, and I can see output, so
I know he is listening...

I assume you fixed the listen address in xl2tpd.conf to the new IP?

Aye, but thanks for asking, wouldn't be the first time I did a rookie mistake like that...

Usually what you describe means a firewalling problem, or no proper ipsec
saref = no in xl2tpd.conf (leaving the option out which defaults to no
caused different behaviour in some versions, so best to always explicitly
set it to no)

I tried the ipsec saref = no in my xl2tpd.conf, no change. I also set up my iptables to log any udp packets dst 1701 on mangle prerouting and input, as well as nat/prerouting, and filter/input. Using netkey, I figured if l2tp is being decrypted, it should show up somewhere on the path when it gets put back into iptables. But I got no log entries. I take this to mean that if it is being blocked, it is being blocked while still encrypted, but I can't really see how that could be possible...

Check rp_filter settings? If on, it might be dropping packets for you.

All interfaces are set to 0. Checked for some pesky martians, too, but found none...

I tried loading libreswan and xl2tpd on the 2nd internet connection, just to see what would happen, and discovered an oddness; it seems I cannot ping from the 2nd connection to IP addresses within my ISP's range. Can ping the gateway and outside the service area. Would seem something routing-wise is wobbling, might be the source of the problem...


Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
