[Openswan Users] Openswan + L2TP + Domain Controller?

Martin Spinassi martins.listz at gmail.com
Tue Jun 30 08:47:15 EDT 2009


On Mon, 2009-06-29 at 22:54 +0200, Erich Titl wrote:
> Hi
> 
> Martin Spinassi schrieb:
> > Hi list,
> > 
> > I've been looking for the way of making a secure VPN with Ipsec/L2TP.
> > I've read some documentation at openswan web site, and a link I've found
> > googling around (http://www.jacco2.dds.nl/networking/openswan-l2tp.html)
> > 
> > What I don't have very clear is that is possible to use a certificate to
> > authenticate to openswan, but what I also want is to check the
> > credentials using user/password and checking them in a MS Domain
> > Controller. This way looks pretty secure (something I have and something
> > I know), but couldn't find some documentation that tells it is
> > possible....
> > Does what I'm looking for exist? Have you tried it?
> > Any link or documentation is welcome!
> 
> Being much of a M$ agnostic I believe the cleanest way is to just
> terminate the tunnel on your OpenSwan server and then forward L2TP
> traffic to M$ for them to do whatever they may have in their minds. That
> way you don't get between the lines in the M$ skirmishes.
> 
> cheers
> 
> Erich

Erich,

That is exactly what I'm trying to do. My only fear is that I don't know
if I can forward all the traffic to the l2tp service, because I don't
want to let anyone be inside the server or the net only with the ipsec
certificate, also the user must log in with user/pass of the MS DC.

Cheers


Martín


