Re: IPSec and L2TP
Andrew,

Look at these 2 sites:

http://www.natecarlson.com/linux/ipsec-x509.php
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#L2TPoverview

You probably need something like this in your ipsec.conf.

In the basic config:

    nat_traversal=yes

and in the connection configs:

    rightprotoport=17/1701
    leftprotoport=17/1701

This is where the Windows l2tp client connects to.

Good luck,
Koen

Andrew Miehs wrote:
> I have now managed to get the whole thing working with x509 keys...
>
> This all works if I use two public IP addresses. If my client however, is behind a NATing gateway, the whole thing falls over.
>
> I am running XP sp 2 and have enabled AssumeUDPEncapsulationContextOnSendRule.
>
> I have also added the following lines to my racoon.conf...
>
>     isakmp_natt a.b.c.d [4500];
>
> and
>
>     nat_traversal force;
>
> but this still doesn't seem to want to force natt - doing tcpdumps, I do not see Windows try and connect to port 4500 udp - what am I doing wrong?
>
> Thanks
> Andrew
>
> > Have you taken a look at http://www.ipsec-howto.org/ ? It's a pretty good (IMHO) and hands-on HOWTO that contains example configuration files for isakmpd and racoon.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IPSec and L2TP
I have now managed to get the whole thing working with x509 keys...

This all works if I use two public IP addresses. If my client however, is behind a NATing gateway, the whole thing falls over.

I am running XP sp 2 and have enabled AssumeUDPEncapsulationContextOnSendRule.

I have also added the following lines to my racoon.conf...

    isakmp_natt a.b.c.d [4500];

and

    nat_traversal force;

but this still doesn't seem to want to force natt - doing tcpdumps, I do not see Windows try and connect to port 4500 udp - what am I doing wrong?

Thanks
Andrew

> Have you taken a look at http://www.ipsec-howto.org/ ? It's a pretty good (IMHO) and hands-on HOWTO that contains example configuration files for isakmpd and racoon.
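The tcpdump check described in the message above can be automated. The following is an added example, not part of any post in this thread: it reads `tcpdump -n` text output and reports whether IKE ever floated from UDP 500 to UDP 4500, and whether L2TP on UDP 1701 is visible outside ESP. The sample lines are constructed, the addresses are documentation ranges, the function names are hypothetical, and the capture is assumed to be taken on the path between client and gateway.

```python
import re
from collections import Counter

# Constructed `tcpdump -n` text output (documentation addresses, not from the thread).
# Working case: IKE starts on UDP 500, floats to UDP 4500, data is ESP-in-UDP.
SAMPLE_NATT = """\
21:14:01.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
21:14:01.150000 IP 198.51.100.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
21:14:01.300000 IP 192.0.2.10.4500 > 198.51.100.1.4500: NONESP-encap: isakmp: phase 1 I ident[E]
21:14:02.000000 IP 192.0.2.10.4500 > 198.51.100.1.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
"""
# Symptom from the thread: nothing ever appears on UDP 4500.
SAMPLE_STUCK = """\
21:14:01.100000 IP 192.0.2.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
21:14:01.150000 IP 198.51.100.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
21:14:05.000000 IP 192.0.2.10.1701 > 198.51.100.1.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ)
"""

UDP_LINE = re.compile(r"IP (\S+?)\.(\d+) > (\S+?)\.(\d+): (.*)")
NATIVE_ESP = re.compile(r"IP \S+ > \S+: ESP\(")  # IP protocol 50, no ports


def classify(line):
    """Map one tcpdump line to the tunnel stage it represents."""
    if NATIVE_ESP.search(line):
        return "esp_native"
    m = UDP_LINE.search(line)
    if not m:
        return "other"
    ports = {int(m.group(2)), int(m.group(4))}
    if 4500 in ports:
        return "natt_esp" if m.group(5).startswith("UDP-encap") else "natt_ike"
    if 500 in ports:
        return "ike_500"
    if 1701 in ports:
        return "l2tp_clear"
    return "other"


def diagnose(capture):
    """Return a list of findings for a capture of one client/gateway pair."""
    seen = Counter(classify(l) for l in capture.splitlines() if l.strip())
    findings = []
    if seen["natt_ike"] or seen["natt_esp"]:
        findings.append("nat-t-active")
    elif seen["ike_500"]:
        findings.append("ike-on-500-only")      # no float to UDP 4500
    if seen["esp_native"] and not seen["natt_esp"]:
        findings.append("native-esp")           # protocol 50; may not cross a NAT
    if seen["l2tp_clear"]:
        findings.append("l2tp-unprotected")     # UDP 1701 visible outside ESP
    return findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_NATT), diagnose(SAMPLE_STUCK))
```
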
Re: IPSec and L2TP
On Sun, 19-12-2004 at 21:14 +0100, Andrew Miehs wrote:
> Hi all,
>
> Has anyone managed to get L2TP, IPSec, racoon, running in a road
> warrior setup with XP using pre-shared keys. (Or can I not use
> pre-shared keys for roadwarrior setups)
>
> Sample files would be really helpful, especially

Have you taken a look at http://www.ipsec-howto.org/ ? It's a pretty good (IMHO) and hands-on HOWTO that contains example configuration files for isakmpd and racoon.
Re: IPSec and L2TP
On Sun, 19.12.2004, 21:14, Andrew Miehs said:
> Hi all,
>
> Has anyone managed to get L2TP, IPSec, racoon, running in a road
> warrior setup with XP using pre-shared keys. (Or can I not use
> pre-shared keys for roadwarrior setups)

For XP/w2k you would need third party software to use PSKs. Self issued certificates would be a better solution and it works with XP/w2k!

Don't know about L2TP in this context.

Christian
IPSec and L2TP
Hi all,

Has anyone managed to get L2TP, IPSec, racoon, running in a road warrior setup with XP using pre-shared keys. (Or can I not use pre-shared keys for roadwarrior setups)

Sample files would be really helpful, especially /etc/racoon/racoon.conf, /etc/l2tpd/l2tpd.conf, psk.txt, and chap-secrets...

Thanks
Andrew
L2TP
Just wondering if anyone can suggest to me a good implementation of L2TP (RFC 2661)?

I need to set up an LNS (L2TP Network Server) to terminate ADSL connections that are PPPoA up until the DSLAM/LAC and from there they go over L2TP (which from my understanding is basically PPP over UDP).

The following implementations I have come across:

Babylon
http://babylon.spellcast.com/
I don't like the way how it implements PPP itself.

l2tpd
http://sourceforge.net/projects/l2tpd
Derived from http://www.marko.net/l2tp/ which is the oldest implementation that I can find for Linux. Only thing that puts me off is its 'Alpha' status.

l2tp
http://sourceforge.net/projects/l2tp
But it requires kernel patches.

None of these seem to be packaged in Debian but that doesn't matter since packaging one of them shouldn't be trivial.

Have I missed any implementations for Linux? Anyone got any comments on which one I should use?

Thanks,

--
Jeremy Lunn
Melbourne, Australia
http://www.jabber.org/ - the next generation of Instant Messaging.