[Openswan Users] Cisco IP Redirect and L2TP
petermcgill at goco.net
Thu Dec 6 15:40:08 EST 2007
While I was able to get Windows IPSec/L2TP roadwarrior clients working
With our Openswan network, I have also since switched to OpenVPN for our
Windows roadwarrior clients and prefer it for that scenario.
Sorry if this is blasphemous.
I still use and love Openswan for our static office wan connections, but
Find OpenVPN more suited to the single user roadwarrior client scenario.
Some reasons in particular that stand out:
Using SSL it cares not about NATing between the hosts, and NATing is
Very common in home and other LANs.
It's much easier for the non-technical user to setup.
(I easily created an installer which does all the work for the end user.)
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Lars Behrens
> Sent: December 6, 2007 2:54 PM
> To: openswan
> Subject: Re: [Openswan Users] Cisco IP Redirect and L2TP
> Hello, Nico,
> finally, a good explanation, I guess - our cisco-admins told me that
> ip redirect is used to define the best routing in case of a
> digest of
> routes (kind of OSPF). actually, here are no other gateways i.e.
> routers between the cisco and our OpenSwan-gateway. totaly
> strange: I
> am managing another OpenSwan-gateway with L2TP-clients, there is "no
> ip redirect" sat on a cisco and we have no problems at all. *but* we
> sometimes experience problems with dial-up-clients when the packets
> seem to be blocked by a firewall (where indeed no firewall *is*).
> gateway-to-gateway-connections are *never* affected, even if they
> are taken the same route where roadwarriors cant connect.
> Could be a problem with the ciscos blocking l2tp-packets on the way
> from the OpenSwan-gateway to the roadwarrior (or vice versa)
> - but why?
> in this special case, we are now switching to OpenVPN. looks like it
> works very well. and, maybe not at least because of some problems
> with L2tp-connections, our boss will decide to switch to a Cisco ASA
> with Cisco-clients on the roadwarriorsystems i the not so far
> future ...
> anyway, thanx for the hints!
> Users at openswan.org
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users