[Openswan Users] l2tp + openswan in sarge
Paul Wouters
paul at xelerance.com
Tue May 9 21:10:45 CEST 2006
On Tue, 9 May 2006, Stefan Denker wrote:
> On Tue, May 09, 2006 at 06:14:38PM +0200, Paul Wouters wrote:
> > Yes, this uses X.509 certificates. Using PSK in combination with NAT will
> > not work easilly and you shouldn't try it.
>
> Would you elaborate this please? It's clear to me you shouldn't do it
> cause all clients need to have the same PSK, but I thought, for testing
> purposes they might do...
Virtual IP code dealing with PSK+NAT is broken in 2.4.x. For X.509 it works
better, as long as you don't try multiple l2tp clients behind the same NAT or
with the same internal IP behind different NAT's.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list