[Swan] L2TP/IPSec connection/routing problems
David Harding
daveh225 at gmail.com
Mon Mar 23 19:45:14 EET 2015
I made some big progress this weekend and now have things working.
Not quite as I'd like, but they are working. It was indeed a routing
problem, but I've now got it working behind an old Belkin router,
which in turn sits behind my home network router. Currently it routes
all traffic over the VPN, and I'll be working to restrict it to just
the traffic I want and to just the remote server I need. But right
now I'm happy it all works!

forceencaps=yes was a big part of the trick, and then the routing
commands I was using (ip route add) weren't working for me, so I
switched from 'ip route' to just 'route' and it all dropped into
place. I've written a couple of little startup and teardown scripts
to make life easier and now that I know it works I'll be looking at
improving and streamlining the whole process.

Thanks for all the great information in these lists and in the
libreswan documentation!

Dave

FYI here's my current setup:

# basic configuration
config setup
    protostack=netkey
    plutofork=no

# connections
conn CPH-VPN
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=yes
    type=transport
    forceencaps=yes
    left=10.0.0.100
    leftprotoport=17/1701
    right=<public IP address of VPN server>
    rightprotoport=17/1701
    ike=3des-sha1;modp1024
    phase2=esp
    phase2alg=3des-sha1;modp1024
    aggrmode=no
    cisco_unity=yes
    remote_peer_type=cisco
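
Added example, not part of the original post and not libreswan code: a small Python check that parses an ipsec.conf connection like the one above and reports the options that weaken it (3DES, SHA-1, MODP1024, pfs=no). The rule tables and function names are assumptions made for this example, and the sample input is constructed from the settings shown in the post.

```python
import re

# Constructed input mirroring the connection in the post above.
SAMPLE = """\
config setup
    protostack=netkey
conn CPH-VPN
    authby=secret
    pfs=no
    aggrmode=no
    ike=3des-sha1;modp1024
    phase2alg=3des-sha1;modp1024
"""

# Hypothetical rule tables for this example; they are not part of libreswan.
WEAK_ALGS = {"des": "56-bit key", "3des": "64-bit block cipher",
             "md5": "broken hash", "sha1": "deprecated hash",
             "modp1024": "1024-bit DH group", "modp768": "768-bit DH group"}
WEAK_FLAGS = {("pfs", "no"): "phase 2 keys derived without a fresh DH exchange",
              ("aggrmode", "yes"): "aggressive mode sends the PSK-derived hash unprotected"}
ALG_KEYS = ("ike", "esp", "phase2alg")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"(conn|config)\s+(\S+)", line)
        if header:  # 'config setup' is skipped, only 'conn' sections are kept
            current = conns.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return sorted (conn, key, value, reason) findings."""
    findings = set()
    for name, opts in parse_conns(text).items():
        for key, value in opts.items():
            reason = WEAK_FLAGS.get((key, value.lower()))
            if reason:
                findings.add((name, key, value, reason))
            if key in ALG_KEYS:  # split '3des-sha1;modp1024' into its algorithms
                for alg in re.split(r"[-;,+\s]+", value.lower()):
                    if alg in WEAK_ALGS:
                        findings.add((name, key, alg, WEAK_ALGS[alg]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s=%s -> %s" % finding)
```

The parser keys on the section headers rather than on indentation, so it also accepts a file whose leading whitespace was lost in transit.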