[Openswan Users] OT IPSec -- L2TPD/Xauth

Erich Titl erich.titl at think.ch
Tue Oct 16 06:06:22 EDT 2012

Hi Paul

at 16.10.2012 05:26, Paul Wouters wrote:
> On Mon, 15 Oct 2012, Erich Titl wrote:
> xl2tpd + openswan with the android ICS workaround patch works pretty
> well.

Thanks a lot for your reply. The main reason not to run L2TP on the
firewall is that all potential users have credentials on the M$
environment and I obviously don't want to replicate that information.

On the IPSEc Level I want to use X.509 Certificate authentication.

Looking at

A few questions pop up

- Do we need transport mode or can we just tunnel the L2TP data through
a tunnel mode IPSec conn?

- What is the left/rightprotoport parameter used for? I understand that
protocol 17 is UDP, but in a tunnel all protocols should be handled
equal, shouldn't they?

- Can we forward the L2TP udp stream to our internal DC, thus avoiding
the need for XL2TPD?

- Is there a description of the vhost:%priv... and virtual_private=...
stuff? I still have difficulty setting them in context.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1877 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.openswan.org/pipermail/users/attachments/20121016/782da182/attachment.p7s>

More information about the Users mailing list