[Openswan Users] Cisco IP Redirect and L2TP

Peter McGill petermcgill at goco.net
Thu Dec 6 15:40:08 EST 2007


While I was able to get Windows IPSec/L2TP roadwarrior clients working
With our Openswan network, I have also since switched to OpenVPN for our
Windows roadwarrior clients and prefer it for that scenario.
Sorry if this is blasphemous.
I still use and love Openswan for our static office wan connections, but
Find OpenVPN more suited to the single user roadwarrior client scenario.
Some reasons in particular that stand out:
Using SSL it cares not about NATing between the hosts, and NATing is
Very common in home and other LANs.
It's much easier for the non-technical user to setup.
(I easily created an installer which does all the work for the end user.)

Peter McGill
 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Lars Behrens
> Sent: December 6, 2007 2:54 PM
> To: openswan
> Subject: Re: [Openswan Users] Cisco IP Redirect and L2TP
> 
> Hello, Nico,
> 
> finally, a good explanation, I guess - our cisco-admins told me that  
> ip redirect is used to define the best routing in case of a 
> digest of  
> routes (kind of OSPF). actually, here are no other gateways i.e.  
> routers between the cisco and our OpenSwan-gateway. totaly 
> strange: I  
> am managing another OpenSwan-gateway with L2TP-clients, there is "no  
> ip redirect" sat on a cisco and we have no problems at all. *but* we  
> sometimes experience problems with dial-up-clients when the packets  
> seem to be blocked by a firewall (where indeed no firewall *is*).
> 
> gateway-to-gateway-connections are *never*  affected, even if they  
> are taken the same route where roadwarriors cant connect.
> 
> Could be a problem with the ciscos blocking l2tp-packets on the way  
> from the OpenSwan-gateway to the roadwarrior (or vice versa) 
> - but why?
> 
> 
> in this special case, we are now switching to OpenVPN. looks like it  
> works very well. and, maybe not at least because of some problems  
> with L2tp-connections, our boss will decide to switch to a Cisco ASA  
> with Cisco-clients on the roadwarriorsystems i the not so far 
> future ...
> 
> 
> 
> anyway, thanx for the hints!
> 
> 
> 
> greetings
> 
> 
> 
> lars
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155



More information about the Users mailing list