[Openswan Users] About L2TP/IPSEC and Transport Mode

Trevor Benson tbenson at a-1networks.com
Fri Mar 12 09:08:44 CET 2004


> this connection for L2TP use the Transport type connection, is it
> mandatory? Can I use the Tunnel type in here? Many people prefer Tunnel
> type.

I successfully connected with L2TP/IPsec without setting the mode to
transport in my tunnel. 

> My thinking is: a road warrior client can access the VPN server in the DMZ
> by L2TP/IPSEC. When it logs on to the VPN GW, it can be authenticated by the
> user management of the win2000 server; after it logs on, it can get an
> internal IP from the win2000 server, then it can access the internal
> resources by l2tp/ipsec.
> For my thinking, is my network plan right? Sorry, this is the first time
> for me to do such a network plan with VPN, please give me your comments!

This is fine, as long as you have created X.509 keys for your mobile
roadwarriors. At least with openswan 1.0, I believe I read that dynamic
IP does not work with PSK; my testing seemed to point that way too.

Yes, as long as you configure the Win2k/XP L2TP/IPsec client properly you
get authenticated (full Kerberos from my tests) and a dynamic address
(through RRAS).  If they are using dialups and your connection at the
main office is not T1, shares may take a while and seem to freeze clients
while waiting on responses (could be XP talking to 2k3 server about
scheduled tasks added in though on my side).

Trevor Benson


