[Swan] L2TP/IPSec connection/routing problems

David Harding daveh225 at gmail.com
Mon Mar 23 19:45:14 EET 2015


I made some big progress this weekend and now have things working.
Not quite as I'd like, but they are working.  It was indeed a routing
problem, but I've now got it working behind an old Belkin router,
which in turn sits behind my home network router.  Currently it routes
all traffic over the VPN, and I'll be working to restrict it to just
the traffic I want and to just the remote server I need.   But right
now I'm happy it all works!

forceencaps=yes was a big part of the trick, and then the routing
commands I was using (ip route add) weren't working for me, so I
switched from 'ip route' to just 'route' and it all dropped into
place.  I've written a couple of little startup and tear-down scripts
to make life easier and now that I know it works I'll be looking at
improving and streamlining the whole process.

Thanks for all the great information in these lists and in the
libreswan documentation!

Dave

FYI here's my current setup:

# basic configuration
config setup
        protostack=netkey
        plutofork=no

# connections
conn CPH-VPN
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=yes
        type=transport
        forceencaps=yes

        left=10.0.0.100
        leftprotoport=17/1701
        right=<public IP address of VPN server>
        rightprotoport=17/1701

        ike=3des-sha1;modp1024
        phase2=esp
        phase2alg=3des-sha1;modp1024
        aggrmode=no

        cisco_unity=yes
        remote_peer_type=cisco
