As discussed in the forum: http://forum.ipfire.org/viewtopic.php?f=27&t=17438&p=103016&hilit=l2TP#p103016

We are trying to enable the use of a Windows RRAC VPN Host on our network by port forwarding L2TP and IPSec from Red to the server on green. Even after we have disabled IPSec and confirmed that StrongSwan is not running, we are still unable to establish a connection to the Windows server. I see no traffic being dropped while attempting a connection. If we remove IPFire and plug the Windows server directly into the external circuit, it works just fine.
I am wondering if one of these two options in /etc/strongswan.d/charon.conf is the solution to this problem, namely to tell Charon to only listen to one of the aliases on the red interface:

"# A comma-separated list of network interfaces that should be ignored, if
# interfaces_use is specified this option has no effect.
# interfaces_ignore =

# A comma-separated list of network interfaces that should be used by
# charon. All other interfaces are ignored.
# interfaces_use ="

In other words, we currently have three addresses on the red interface, the main static IP and two aliases: red0, red0:0, and red0:1. If we wished to point the L2TP traffic to the IP associated with red0:1, and all normal IPSec traffic is pointed at red0, then either of these should work?

interfaces_ignore = red0:1
or
interfaces_use = red0

Thoughts?
Tom
No, if strongswan isn't running this shouldn't make any difference at all. Is this still an issue for you that we should be spending time on, or is this not relevant any more? If so, since you are the only user who ran into this, please close.
As you have pointed out elsewhere, IKEv2 is the new standard, so this is superfluous.
Perfect. Thanks.