[Openswan Users] l2tp
Jacco de Leeuw
jacco2 at dds.nl
Mon May 15 18:31:38 CEST 2006
Peter Farrow wrote:
> I wanted to implement l2tp but didn't want to revert to a KLIPS
> installation, neither do I want to mess around with patching kernels to
> fix the broken NAT stuff, neither do I want to fiddle about with certificates.
> Is there an easy solution to this?
The 2.6 kernel series ships with NETKEY. You don't have to patch your kernel,
as long as you are using a fairly recent 2.6 version.
What do you mean by broken NAT stuff? The limitation that you currently
cannot use multiple clients behind the same NAT device or multiple clients
with the same internal IP address? It seems that only Cisco and Microsoft
offer products that support these scenarios, unfortunately.
Combining PSKs with NAT is probably not a good idea, regardless of the
server product that you use. I understand that there are security issues.
You are also sharing a secret key with others so if the key gets lost
or stolen, all your users will have to be informed of the new PSK.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl