[Openswan Users] Replace RRAS
Serge Fonville
serge.fonville at gmail.com
Wed Apr 16 05:52:00 EDT 2008
I have come a little closer.
Additionally, I installed ppp and pptp.
I defined users in chap-secrets
and created a connection in Windows Vista; everything now works as
expected, except for a few things.
I cannot find any information on how to use DHCP over the connection,
nor does it seem possible to log in using local users.
Except for that, I am only slightly disappointed I couldn't get L2TP
to work (which seems to be related to the fact that it is not possible to have
NAT at both ends).
On Tue, Apr 15, 2008 at 1:01 PM, Serge Fonville
<serge.fonville at gmail.com> wrote:
> Hi,
> I posted about this in the past, but wasn't exactly clear on what I meant.
> I am currently running Gentoo.
> I did 'emerge xl2tpd openswan ipsec-tools iptables'
> I added all kernel components (statically) and 'ipsec verify' gives:
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.9/K2.6.24-gentoo-r4 (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> Checking for RSA private key (/etc/ipsec/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
>
> I ran 'ipsec newhostkey --output /etc/ipsec/ipsec.secrets --bits 2048'
> I read the following:
> http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
>
> What I want:
> To be able to connect from a Windows XP/Vista client while
> automatically obtaining all the required information (PSK/certificates).
> Both left and right are behind NAT.
> I want to be able to access the entire subnet from the Windows client.
> The client should receive a VPN IP from the DHCP server in the other
> subnet (which currently runs on another machine; moving is an option
> if absolutely necessary).
> The user should log in with a Linux user (some would get /sbin/nologin as shell).
>
> Based on what I read this should be possible, but I have no idea where
> to go from here
>
> Any advice or steps to take would be greatly appreciated
>
> If I learn anything new meanwhile I will post it here
>
> Thanks a lot in advance
>