[Openswan Users] IPsec/L2TP VPN on Ubuntu 10.04 using Openswan version U2.6.23/K2.6.32-24-generic and xL2TP v1.2.7
Paul Wouters
paul at xelerance.com
Mon Oct 4 21:41:56 EDT 2010
On Mon, 4 Oct 2010, Adam Crane wrote:
> Is there any benefit of l2tp authorisation over an IPsec tunnel? It seems a
> little overkill but there must be a reason for its existence.
No :) Put it in the pile next to PPTP :)
> For future reference and search engine crawlers below is my working config
> for:
Thanks for sharing that!
> Now I need to move to using the RSA certificate... first of all how to
> install it to the phone..
I don't know the gui of android for that. I think they also run racoon, not
openswan. But they do support X.509. Not sure how you can import it. Normally,
this is done with a pkcs#12 file (.p12).
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
> left=192.168.1.100
You will want to add %v4:!192.168.1.0/24 to your virtual_private to deny that range,
as an IP address can not live on both sides of the tunnel.
>
> right=%any
> rightsubnet=vhost:%no,%priv
> rightprotoport=17/1701
You probably want 17/%any to allow all Windows, OSX clients to connect.
> forceencaps=yes
That should not be necessary, esp if you allow non-NAT'ed clients via "%no".
> # client server secret IP addresses
> * * "testpass" *
Note this only works for 1 client, not multiple ones. They will likely "replace"
each other? And you should be assigning an IP address here?
Paul
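
Added example (not part of the original message and not Openswan code): a small Python check for the virtual_private point raised above. It reports when the server's own LAN falls inside an allowed range without a matching "!" exclusion. The function names are hypothetical, and the local LAN is assumed to be the /24 around left=192.168.1.100.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, denied) IPv4 networks."""
    allowed, denied = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, _, net = item.partition(":")
        if family != "%v4":
            continue  # this sketch only handles %v4 entries
        if net.startswith("!"):
            denied.append(ipaddress.ip_network(net[1:], strict=False))
        else:
            allowed.append(ipaddress.ip_network(net, strict=False))
    return allowed, denied

def uncovered_local_overlap(value, local_lan):
    """Return allowed ranges that overlap local_lan when no '!' entry covers it."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    allowed, denied = parse_virtual_private(value)
    if any(lan.subnet_of(d) for d in denied):
        return []  # local LAN is explicitly excluded
    return [a for a in allowed if a.overlaps(lan)]

# virtual_private value as quoted in this thread.
POSTED = "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12"
# The same value with the exclusion suggested in the reply.
FIXED = POSTED + ",%v4:!192.168.1.0/24"
# Assumption: the server LAN is the /24 containing left=192.168.1.100.
LOCAL_LAN = "192.168.1.0/24"

if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("fixed", FIXED)):
        hits = uncovered_local_overlap(value, LOCAL_LAN)
        print(label, "->", [str(n) for n in hits] or "ok")
```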