L2TP/IPSec + Racoon
From: mytrix (mytrix_at_net4you.cz)
Date: 04/29/05
- Previous message: Jiří Adámek [net.consulting]: "L2TP/IPSec + Racoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <freebsd-net@freebsd.org> Date: Fri, 29 Apr 2005 11:47:31 +0200
Hi,
I has been installed L2TP/IPSec + Racoon on fBSD 5.3. It works perfect but
there are some things, which i want to resolve.
1. I`m using for authentification of clients shared_key. But it has some
disadvantages. Clients are "road warrior" and it means, that i can`t know
their IP in advance. So, it`s any way, how can i add it to psk.txt file? I
test 0.0.0.0/0 SECRET_KEY, but it doesn`t work :(.
2. Road warrior clients will be connect via GPRS, CMDA or from other LANs.
In the most cases NAT, firewall, router etc are used. It`s problem for IPSec
...the solution is NAT-T. I think, that fBSD 5.3 doesn`t support it. I found
in the archive of this list, that CVS version of Racoon (since 1.1.1.2)
(http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/
) support it. My question is easy, it`s usable for use?
3. Third and last question. On fBSD server is installed Samba 3.X and this
server works as domain cotroller. As L2TP daemon is installed SL2TPS,
because standard L2TP deamon doesn`t work on fBSD 5.X. It`s possible to
configure it to authentificate users against Samba DC?
Thx. mytrix
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Jiří Adámek [net.consulting]: "L2TP/IPSec + Racoon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
