Re: Support for L2TP/IPsec
- From: Vincent Bernat <bernat luffy cx>
- To: Dan Williams <dcbw redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: Support for L2TP/IPsec
- Date: Fri, 23 May 2008 21:23:51 +0200
OoO On this cloudy night of Friday, May 23, 2008, around 00:20, Dan
Williams <dcbw redhat com> said:
>> L2TP/IPsec becomes a popular choice for setting up VPN. Security is greater
>> than PPTP solutions and clients are included in Windows and Mac OS X.
>> Unfortunately, this is quite difficult to set up on Linux. Having a plugin
>> for network-manager will be great.
> So we need a few things from openswan. The first is to either accept
> command-line arguments for configuration, or to accept configuration
> from stdin and not from a file. There's quite a few reasons why we
> shouldn't be writing out a config file, and there's more reasons why we
> shouldn't be pointing openswan at an existing config file.
Well, this would be a bit difficult. There are other IKE daemons that may be
configured this way:
- isakmpd from OpenBSD can be entirely configured using a named
pipe
- iked from Shrew Soft VPN client has an IKE daemon that can also
be configured in a similar way
I will test if one of them is able to establish a proper IPsec tunnel
suitable for L2TP/IPsec.
>> - setup L2TP part with xl2tpd (which needs ppp)
> Hmm, we'll need to control xl2tpd then too, but we'll need to be able to
> tell it what options to pass to pppd, not give it a config file. We
> also need to be able to feed secrets to it over stdin or via a plugin if
> possible. This is what's done for pppd, since pppd allows plugins to
> handle the authentication.
xl2tpd can either use a plugin for pppd and do the authentication itself
or just let pppd do the authentication. So the actual plugin for pppd
will do the trick. Concerning pppd options, unfortunately, xl2tpd seems
to have no other options than to pass a file to pppd.
> The problem with config files is that we'd be writing them out every
> time we launch the daemon, because the VPN settings come from a variety
> of sources. They are pulled from the user's session store (GConf on
> Gnome) or from system settings, they don't get stored in the native
> daemons config files.
Can't we write temporary files? xl2tpd accepts any configuration
file.
Thanks for your insight!
--
BOFH excuse #63:
not properly grounded, please bury computer