Hi list! I've been looking for a solution for this for a few days, but couldn't find any solution. I've configured a VPN in a Debian box using openswan to do ipsec and l2tp, as it is pretty simple to implement on Windows and Mac users and it doesn't needs any 3rd party software. My problem is that openswan uses netkey for ipsec unless you patch the kernel to use klips, and netkey doesn't create an ipsec0 interface, and makes it really difficult to firewall things to l2tp, and having as a unique soltution (without compiling kernel), leaving l2tp port wide open. Here is a diagram, just for fun ;) MS-client ==== /ext interface/ Linux GW /internal interface/ ==== LAN What I see is that user completes ipsec auth, and then tries to connect to the l2tpd's port (7101) on the external interface, and then I must accept connections in that port, or the vpn connection fails. Any suggestions how to let connections on udp 1701 only to connections before authenticated by ipsec? Cheers Martin -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
