[Openswan Users] L2TP/IPsec X.509 and Dynamic RSA?

Peter McGill petermcgill at goco.net
Thu Nov 16 10:08:49 EST 2006


Ok, here is my setup.

I have 6 offices all connected together through the internet using openswan.
Currently openswan 2.4.6 on kernel 2.4.x, although I have no problem upgrading
openswan if necessary, although I'd prefer not to upgrade the kernel to 2.6.x just
yet. (Mostly due to the time and work involved.)
They're connected in a mesh design, each office connecting to each of the other
offices, using the default RSA authentication method with static public IPs.

In addition I have my home connected in the same way as a management point,
but it's a dynamic IP instead of static. At present most of my work is done from
home, so I need this connection working...

I want to add L2TP/IPSec X.509 connections for other users to have remote access.
It doesn't have to be L2TP/IPSec X.509, all I really want is a free, easy to set up connection
for the other employees, and since they all have Windows at home, L2TP/IPSec X.509
made sense. (No shared PSK solutions though, I want each user to have their own key or
password.)

But when I've tried in the past my home management connection has always gotten in
the way, they don't both seem to want to work, being both dynamic IPs.

Can I get these to work cooperatively, or is it useless to try?
Could I perhaps do it, if I change my home to use an X.509 cert for authentication,
or do I have to completely redo the connection to use full L2TP/IPSec as well?

Peter McGill

