[Openswan Users] OT IPSec -- L2TPD/Xauth
erich.titl at think.ch
Tue Oct 16 06:06:22 EDT 2012
at 16.10.2012 05:26, Paul Wouters wrote:
> On Mon, 15 Oct 2012, Erich Titl wrote:
> xl2tpd + openswan with the android ICS workaround patch works pretty
Thanks a lot for your reply. The main reason not to run L2TP on the
firewall is that all potential users have credentials on the M$
environment and I obviously don't want to replicate that information.
On the IPSec level I want to use X.509 certificate authentication.
A few questions pop up:
- Do we need transport mode or can we just tunnel the L2TP data through
a tunnel mode IPSec conn?
- What is the left/rightprotoport parameter used for? I understand that
protocol 17 is UDP, but in a tunnel all protocols should be handled
equal, shouldn't they?
- Can we forward the L2TP UDP stream to our internal DC, thus avoiding
the need for XL2TPD?
- Is there a description of the vhost:%priv... and virtual_private=...
stuff? I still have difficulty setting them in context.