[Openswan Users] L2TP/IPSEC (finally)

Giovani Moda giovani at mrinformatica.com.br
Mon Nov 21 00:06:10 CET 2005


Well, it works. It was not KLIPS, MTU, MRU or firewall. It was my damn
router. UDP packet timeout was WAY too low, so packets encapsulated inside
UDP would never get to the client. At least not the big ones. By the way,
MTU 1360 and MRU 500 work with NAT-T also.

For reference, L2TP/IPSEC with Fedora Core 2 works. If there's any
interest from you guys, I have the kernel rpm (the latest released for
FC2) already patched and fully working with NAT-T and KLIPS. Unfortunately
I don't have a link good enough for sharing it, since it's a 17MB
package. So, if you want it and have the structure for sharing it, let me
know.

I'm using openswan-2.4.4, rp-l2tp (Jacco's rpm), ppp-2.4.2 (FC2 native),
radiusclient and freeradius (FC2 native), authenticating users into a
samba server using MS-CHAPv2. It was a LOT of work, but it seems to be
working now. rp-l2tp calls ppp with RADIUS, which authenticates into samba
and provides the IP pool for the clients. They log in and can only access
what samba allows them to. If there's any security consideration about that
setup, please, let me know.

Thanks again for all the help, patience and great work. I'll run some more
tests, especially about security. If it works ok, I'll let you know.

Giovani
