[Openswan Users] Securing L2TP when using Netkey
baron.openswan at mailnull.com
Tue Mar 6 08:36:58 EST 2007
Hello folks,
I've recently managed to get the following combination of things working properly to the point where a roadwarrior can successfully connect to my network just as if they were internal clients. However, one thing keeps bugging me and that's the fact that the only way I can seem to make things work is to have the L2TP daemon listening on my external interface.
Here's the environment:
O/S: Ubuntu Edgy (2.6.17-11)
Openswan: 2.4.5 (ubuntu package)
L2TP: 0.70 (ubuntu package)
Network:
ppp0 (my.public.ip.address)
eth1 (192.168.1.0/24)
eth2 (192.168.2.0/24)
eth3 (192.68.3.0/24)
ppp1 (192.168.100.0/24) <-- Created upon established vpn session
The network I'm protecting is 192.168.1.0/24. I want roadwarriors to get a 192.168.100.0/24 address. In my current config, that all works fine, except like I mentioned, I don't like having the L2TP daemon listening on my ppp0 interface.
Based on what I've read, I understand that KLIPS supports ipsec style interfaces and Netkey does not. My question to you folks is whether or not there is a reasonable way to protect my L2TP daemon without using KLIPS.
I've seen a few people recommend some special iptables rules, but haven't seen any that really address my configuration.
Any help would be appreciated. Thanks in advance!
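The usual answer to the question above, when there is no ipsecN interface to filter on (Netkey), is to let xl2tpd keep listening on the public interface but only admit UDP/1701 packets that were decapsulated from an IPsec SA, using the iptables "policy" match. The script below is an added example, not code from the post or from the Openswan project. It assumes the public interface is ppp0 as in the post, that L2TP uses UDP/1701, and that the running kernel and iptables build provide the policy match (xt_policy); if `iptables -m policy --help` errors out, that module is missing and this approach does not apply.

```shell
#!/bin/sh
# Added example: restrict L2TP (UDP/1701) on the public interface to
# packets that arrived inside an ESP SA, so the daemon is unreachable
# from the plain Internet even though it binds to ppp0.
# Assumptions: public interface ppp0 (from the post), xt_policy available.
# Run as "DRY_RUN=1 sh l2tp-rules.sh" to print the rules, or as root with
# "APPLY=1 sh l2tp-rules.sh" to load them.

WAN_IF="${WAN_IF:-ppp0}"

# run executes a command, or prints it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

l2tp_ipsec_rules() {
    # IKE (UDP/500) and NAT-T (UDP/4500) have to be reachable in the clear.
    run iptables -A INPUT -i "$WAN_IF" -p udp --dport 500 -j ACCEPT
    run iptables -A INPUT -i "$WAN_IF" -p udp --dport 4500 -j ACCEPT
    # ESP (IP protocol 50) carries the tunnel itself.
    run iptables -A INPUT -i "$WAN_IF" -p esp -j ACCEPT
    # L2TP only when the packet came out of an inbound IPsec policy:
    # "-m policy --dir in --pol ipsec" is true only for decapsulated packets.
    run iptables -A INPUT -i "$WAN_IF" -p udp --dport 1701 \
        -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    # Any other packet aimed at UDP/1701 on the public side is dropped.
    run iptables -A INPUT -i "$WAN_IF" -p udp --dport 1701 -j DROP
    # Replies from the daemon must likewise leave only inside the tunnel,
    # otherwise a misconfigured SA could leak L2TP in the clear.
    run iptables -A OUTPUT -o "$WAN_IF" -p udp --sport 1701 \
        -m policy --dir out --pol ipsec --proto esp -j ACCEPT
    run iptables -A OUTPUT -o "$WAN_IF" -p udp --sport 1701 -j DROP
}

# print_rules renders the rule set without touching the firewall; useful
# for review before applying, and for checking that every ACCEPT of
# UDP/1701 carries a policy match.
print_rules() {
    (DRY_RUN=1; l2tp_ipsec_rules)
}

if [ "${APPLY:-0}" = 1 ]; then
    l2tp_ipsec_rules
else
    print_rules
fi
```

Interface-based filtering is not possible here because Netkey delivers the decapsulated packet on the same interface it arrived on; the policy match is what distinguishes "came through IPsec" from "came in plain" on that interface. Rule order matters: the policy-matched ACCEPT must precede the unconditional DROP for port 1701.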