Re: Support for L2TP/IPsec



OoO Peu  avant le début  de l'après-midi du  dimanche 25 mai  2008, vers
13:19, David Smith <dds google com> disait:

>> I have not tried StrongSWAN, so I have no reason to use OpenSWAN instead
>> of StrongSWAN.

> OK, could you please double-check that your configuration works with
> strongswan as well as openswan? I want to propose that we focus on one
> IKE implementation and considering the features available in strongswan,
> that it works with the most server implementations especially Windows
> 2003 and 2008 Server and that it supports smartcards the best make it a
> lead contender.

Hi David!

I have just  tested and the configuration that I  posted here works fine
with StrongSWAN (you just  need to comment nhelpers directive). However,
my VPN endpoint is OpenSWAN (which  works fine with Windows and Mac OS X
clients).   I   have  no  experience  with  Windows   2003/2008  as  VPN
server. And I cannot test smartcards stuff.

StrongSWAN disables transport mode:
 003  "XXXXXXX" #2:  NAT-Traversal: Transport  Mode not  allowed  due to
 security concerns -- using Tunnel mode

I  don't  think  that  is  something  that should  be  remarked  by  the
server. Therefore, there should be no problem.

If  you run  into  difficulties  with StrongSWAN,  here  is another  IKE
implementation that don't need configuration files:
 http://www.shrew.net/?page=software
However, I think that it won't support things like smartcards.
-- 
No fortunes found


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]