[Openswan Users] Openswan + L2TP + Domain Controller?

Martin Spinassi martins.listz at gmail.com
Tue Jun 30 13:39:14 EDT 2009


On Tue, 2009-06-30 at 11:25 -0400, Paul Wouters wrote:
> On Tue, 30 Jun 2009, Martin Spinassi wrote:
> 
> >> Being much of a M$ agnostic I believe the cleanest way is to just
> >> terminate the tunnel on your OpenSwan server and then forward L2TP
> >> traffic to M$ for them to do whatever they may have in their minds. That
> >> way you don't get between the lines in the M$ skirmishes.
> 
> > That is exactly what I'm trying to do. My only fear is that I don't know
> > if I can forward all the traffic to the l2tp service, because I don't
> > want to let anyone be inside the server or the net only with the ipsec
> > certificate, also the user must login with user/pass of the MS DC.
> 
> that should work fine, and since l2tp just wraps pppd, there is nothing
> the user can do without being authenticated first, due to the "protoport"
> traffic selector on IPsec. They can only send ipsec/l2tp packets until
> they are authenticated by pppd, at which point they can send packets with
> the assigned IP.
> 
> Paul

Thank you Paul. I have a clearer perspective on how it
works. With some (and a little more) luck, I'll have it ready today.

Thanks to all!
Cheers

Martin
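
The "protoport" restriction discussed in this thread, sketched as an ipsec.conf fragment. This is an added example, not part of the original messages; the connection names, the address 192.0.2.10 and the certificate file name are constructed placeholders.

```conf
# /etc/ipsec.conf fragment (constructed example; names, address and
# certificate file are placeholders, not values from this thread)

# Too broad: a transport-mode SA with no protoport selector covers every
# protocol and port between the client and the gateway, so holding a valid
# certificate is enough to reach any service listening on the gateway.
conn l2tp-too-broad
    authby=rsasig
    type=transport
    left=192.0.2.10
    leftcert=gateway.pem
    right=%any
    rightca=%same
    auto=ignore

# Restricted: the SA only matches UDP (protocol 17) to port 1701 on the
# gateway. A certificate holder can exchange L2TP packets and nothing else
# until pppd has authenticated the user and assigned an address.
conn l2tp-cert
    authby=rsasig
    type=transport
    left=192.0.2.10
    leftcert=gateway.pem
    leftprotoport=17/1701
    right=%any
    rightca=%same
    rightprotoport=17/%any
    auto=add
```

Once a client has connected, the negotiated selectors can be checked in the output of `ipsec auto --status`, which should show the 17/1701 restriction on the gateway side of the connection.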


