[Openswan Users] l2tp
norman at rasmussen.co.za
Mon May 15 20:15:28 CEST 2006
On 5/15/06, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> The 2.6 kernel series ship with NETKEY. You don't have to patch your kernel,
> as long as you are using a fairly recent 2.6 version.
> What do you mean with broken NAT stuff? The limitation that you currently
> cannot use multiple clients behind the same NAT device or multiple clients
> with the same internal IP address? It seems that only Cisco and Microsoft
> offer products that support these scenarios, unfortunately.
> Combining PSKs with NAT is probably not a good idea, regardless of the
> server product that you use. I understand that there are security issues.
> You are also sharing a secret key with others so if the key gets lost
> or stolen, all your users will have to be informed of the new PSK.
I've got debian's openswan 1:2.4.5-3 working with the server behind
NAT. I'm using kernel 2.6.12-1-686. I didn't have to apply any
patches, and I'm using PSKs.
I'm _NOT_ connecting with multiple clients behind NAT gateways, I'm
only using it for a single connection, so I haven't checked that stuff
If you want a solution that is guaranteed to work, why not donate to
the xelerance guys, I hear they are looking for ~$55,000US in
donations to release their NAT/l2tpd work.
btw: I approve of the way the xelerance guys are doing this, even
though the OSS comunity would like the code _now_, xelerance need to
earn some money for food and living. When the people who _want_ NAT
support so desperately have paid their bills, then the rest of us can
get it for free.
OpenSource/Free Software != Free as in beer. Come on guys those who
want this support, should donate a little to xelerance. If enough
people donate (even a little bit), just imagine how much money could
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the Users