[Openswan Users] OT IPSec -- L2TPD/Xauth
Erich Titl
erich.titl at think.ch
Tue Oct 16 06:06:22 EDT 2012
Hi Paul
at 16.10.2012 05:26, Paul Wouters wrote:
> On Mon, 15 Oct 2012, Erich Titl wrote:
>
> xl2tpd + openswan with the android ICS workaround patch works pretty
> well.
Thanks a lot for your reply. The main reason not to run L2TP on the
firewall is that all potential users have credentials on the M$
environment and I obviously don't want to replicate that information.
On the IPSec level I want to use X.509 certificate authentication.
Looking at
https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
a few questions pop up:
- Do we need transport mode or can we just tunnel the L2TP data through
a tunnel mode IPSec conn?
- What is the left/rightprotoport parameter used for? I understand that
protocol 17 is UDP, but in a tunnel all protocols should be handled
equal, shouldn't they?
- Can we forward the L2TP UDP stream to our internal DC, thus avoiding
the need for XL2TPD?
- Is there a description of the vhost:%priv... and virtual_private=...
stuff? I still have difficulty setting them in context.
Thanks
Erich