[Openswan Users] OT IPSec -- L2TPD/Xauth

Erich Titl erich.titl at think.ch
Mon Oct 15 17:40:36 EDT 2012

Hi Folks

I am faced with the problem of building access ways into our company network
for a variety of mobile devices. You all may have seen this.

The IPSec Gateway is a Linux based embedded System with OpenSwan 2.6.37.
We have been using such devices for IPSec connections to remote sites for
nearly a decade and are pretty satisfied.

Enter the Road Warrior.....

With a simple netbook with M$ Windoze this is easy, just install
Shrewsoft's Access Manager, define a connection and off you go.

Next candidate is Android and here is where trouble starts. It appears
there is no way to get a 'simple' IPSec connection. The same appears to
go for iOS. Rooting those devices to provide IPSec only is not an option.

Both platforms provide some sort of IPSec with L2TP or XAUTH
schemes. Google shows many articles about these 2 solutions, but also
concerns about the safety of XAUTH, and it appears that L2TPD on
LINUX is a rotting carcass. Also I don't really want to mess up my
gateway with too many software products.

So I am basically left with the 2 options above, but don't want to
handle all of this on the gateway. One solution appears reasonable:

- leave IPSec on the gateway
- forward Port 1701 traffic to an internal DC/Gateway to be handled there

The above might also be used for the XP and possibly Win7 platforms'
native IPSec implementations. Is this a sensible scenario and if so,
could someone shed some light on the protocols to be handled where, by
whom and when?


Erich Titl
