Here is the policy configuration I use in day-to-day work:

On server (10.0.0.1) side (policy file loaded with: setkey -f <file>):
# clear SAD and SPD before loading the policies
flush;
spdflush;
# outbound L2TP (UDP 1701) to any client in 10.0.0.0/8 must be ESP, transport mode
spdadd 10.0.0.1 10.0.0.0/8[1701] udp -P out ipsec esp/transport//require;
# inbound L2TP from any client must arrive inside ESP, otherwise it is dropped
spdadd 10.0.0.0/8 10.0.0.1[1701] udp -P in ipsec esp/transport//require;

On client (10.0.0.2) side (policy file loaded with: setkey -f <file>):
# clear SAD and SPD before loading the policies
flush;
spdflush;
# outbound L2TP (UDP 1701) to the server must be ESP, transport mode
spdadd 10.0.0.2 10.0.0.1[1701] udp -P out ipsec esp/transport//require;
# inbound L2TP from the server must arrive inside ESP, otherwise it is dropped
spdadd 10.0.0.1 10.0.0.2[1701] udp -P in ipsec esp/transport//require;

Tip: For debugging it can be very useful to use AH instead 
of ESP, because you can then use tcpdump etc. to look 
*into* the tunnel.

Bye
Markus

>----- ------- Original Message ------- -----
>From: Jacco de Leeuw <[EMAIL PROTECTED]>
>To:  [EMAIL PROTECTED]
>Sent: Fri, 13 Feb 2004 16:51:06
>
>Key Dof wrote:
>
>> the windows client sends ESP packets then the
>> server replies directly with
>> echo reply (no esp) so I think it replies
>> outside the l2tp tunnel.
>
>Have you read Chris Andrew's page about using l2tpd
>with KAME/racoon?
>http://www.funknet.org/doc/tunnel/l2tp.html
>
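An added debugging check in the spirit of the tip above (example code, not from the original mail or from the KAME tools): it scans tcpdump -n output for L2TP (UDP 1701) packets that crossed the wire in the clear, the symptom described in the quoted question, and names the policy that should have covered each one. The capture lines and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: find L2TP (UDP 1701) packets that bypassed the IPsec
# transport policy, i.e. appear in "tcpdump -n" as plain UDP, not ESP.
# SAMPLE_CAPTURE is constructed, not a real capture: two ESP-wrapped
# packets and one plaintext L2TP reply sent by the server.
SAMPLE_CAPTURE='12:00:01.000 IP 10.0.0.2 > 10.0.0.1: ESP(spi=0x00001000,seq=0x1), length 100
12:00:01.001 IP 10.0.0.1 > 10.0.0.2: ESP(spi=0x00002000,seq=0x1), length 100
12:00:01.002 IP 10.0.0.1.1701 > 10.0.0.2.1701: UDP, length 64'

# find_l2tp_leaks: read tcpdump -n lines on stdin, print those carrying
# UDP/1701 in the clear. Field 3 is the outer source (host.port), field 5
# the outer destination with a trailing colon. ESP lines never say "UDP";
# AH-protected lines carry no port in the outer address pair, so neither
# kind is reported as a leak.
find_l2tp_leaks() {
    awk '$2 == "IP" && /UDP/ && ($3 ~ /\.1701$/ || $5 ~ /\.1701:$/)'
}

# count_l2tp_leaks: number of leaked packets in the capture text given as $1.
count_l2tp_leaks() {
    printf '%s\n' "$1" | find_l2tp_leaks | wc -l | tr -d ' '
}

# leak_hint: for each leaked line on stdin, say which SPD entries to check:
# the "-P out" policy on the sender and the "-P in" policy on the receiver,
# since with "require" either side should have refused plaintext L2TP.
leak_hint() {
    awk '{ src = $3; dst = $5; sub(/:$/, "", dst)
           sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)
           printf "plaintext L2TP %s -> %s: check the out policy on %s and the in policy on %s\n", src, dst, src, dst }'
}

# Stand-alone run: report leaks found in the constructed sample.
printf '%s\n' "$SAMPLE_CAPTURE" | find_l2tp_leaks | leak_hint
```

Feed it a live capture with `tcpdump -n -i <iface> udp port 1701 or esp | find_l2tp_leaks | leak_hint` to watch for traffic escaping the policy while the tunnel is up.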
