Re: Support for L2TP/IPsec
- From: Vincent Bernat <bernat luffy cx>
- To: David Smith <dds google com>
- Cc: networkmanager-list gnome org
- Subject: Re: Support for L2TP/IPsec
- Date: Sun, 25 May 2008 13:42:02 +0200
OoO Peu avant le début de l'après-midi du dimanche 25 mai 2008, vers
13:19, David Smith <dds google com> disait:
>> I have not tried StrongSWAN, so I have no reason to use OpenSWAN instead
>> of StrongSWAN.
> OK, could you please double-check that your configuration works with
> strongswan as well as openswan? I want to propose that we focus on one
> IKE implementation and considering the features available in strongswan,
> that it works with the most server implementations especially Windows
> 2003 and 2008 Server and that it supports smartcards the best make it a
> lead contender.
Hi David!
I have just tested and the configuration that I posted here works fine
with StrongSWAN (you just need to comment nhelpers directive). However,
my VPN endpoint is OpenSWAN (which works fine with Windows and Mac OS X
clients). I have no experience with Windows 2003/2008 as VPN
server. And I cannot test smartcards stuff.
StrongSWAN disables transport mode:
003 "XXXXXXX" #2: NAT-Traversal: Transport Mode not allowed due to
security concerns -- using Tunnel mode
I don't think that is something that should be remarked by the
server. Therefore, there should be no problem.
If you run into difficulties with StrongSWAN, here is another IKE
implementation that don't need configuration files:
http://www.shrew.net/?page=software
However, I think that it won't support things like smartcards.
--
No fortunes found
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]