[Openswan Users] NEWBIE: How to set-up a L2TP/IPSEC server for linux

Paul Wouters paul at xelerance.com
Fri Sep 22 00:29:49 EDT 2006


On Fri, 22 Sep 2006, Denis Hawkins wrote:

> This might be a silly question, but what do you mean by "mtu"?

Maximum Transfer Unit of a network interface, e.g.:

ifconfig eth0 mtu 1472

> Here is my planned network (For testing) with no Nat.
>
> xp_host_inside---------switch-------Linuxserver--------switch----------xp_host_outside
>
> Will the setup work well for a pre-shared key setup?

You cannot use l2tp from within the same subnet as you are giving out the
l2tp IP addresses. Make sure your l2tp IP addresses are a separate range,
and then "inside" and "outside" really both become "outside".

PSK with NAT-T is horrible. Windows 2000 does not support PSK. All roadwarriors
need the same PSK, so if one laptop is stolen, you need to reconfigure all
the others. Use X.509 instead.

> When I install these packages, do I need to setup the IPSEC.conf
> in some way to use L2TPD?

Yes, see /etc/ipesc.examples/l2tp*

> Is PPPD the same program as PPP? or do I need to install
> a PPPD program.

The package is called "ppp". It contains the daemon "pppd".

> How do I go about installing KLIPS for my openswan 2.4.6 on Suse 10.1?
> Are there links to download this?

We do not have suse rpms. You can try and download the openswan source in
/usr/src/packages/SOURCES, untar it and run:
 rpmbuild -ba /usr/src/packages/SOURCES/openswan-2.4.6/packaging/redhat/openswan.spec --define 'buildklips 1'

Paul
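
The separate-range advice above can be checked before clients connect. The following is an added example, not part of the original message or of Openswan: it reads the "ip range" lines of an l2tpd.conf and reports client-facing subnets that intersect the L2TP pool. The sample config, the subnets and the function names are constructed for illustration, and numeric address ranges are assumed.

```python
import ipaddress
import re

# Constructed sample l2tpd.conf (not from the original post).
SAMPLE_L2TPD_CONF = """\
[global]
port = 1701

[lns default]
ip range = 192.168.1.128-192.168.1.254  ; pool handed to L2TP clients
local ip = 192.168.1.99
"""

# Matches "ip range = a-b" lines; "no ip range" and ";" comment lines do not match.
RANGE_RE = re.compile(r"^\s*ip range\s*=\s*([^;\n]+)", re.MULTILINE)


def l2tp_pool_networks(conf_text):
    """Return every 'ip range' entry of an l2tpd.conf as a list of networks."""
    nets = []
    for value in RANGE_RE.findall(conf_text):
        first, _, last = value.strip().partition("-")
        start = ipaddress.ip_address(first.strip())
        end = ipaddress.ip_address(last.strip()) if last else start
        nets.extend(ipaddress.summarize_address_range(start, end))
    return nets


def overlapping_subnets(conf_text, client_subnets):
    """List the client-facing subnets that intersect the L2TP address pool."""
    pool = l2tp_pool_networks(conf_text)
    hits = []
    for cidr in client_subnets:
        subnet = ipaddress.ip_network(cidr, strict=False)
        if any(subnet.overlaps(p) for p in pool):
            hits.append(str(subnet))
    return hits


if __name__ == "__main__":
    # Constructed subnets standing in for the "inside" and "outside" test hosts.
    clients = ["192.168.1.0/24", "10.0.0.0/24"]
    for bad in overlapping_subnets(SAMPLE_L2TPD_CONF, clients):
        print(f"L2TP pool overlaps client subnet {bad}: use a separate range")
```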

