On Sun, 29 Dec 2002, Jacco de Leeuw wrote:

> Jake Bullet wrote:
> 
> > I'm looking for some help setting up a VPN between a Linux server and
> > Windows2000 client.
> > However there seems to be absolutely no documentation on anything and I'm
> > awfully confused. If there are some docs, where can I find them?
> 
> Have you looked in the mailing list archive?
> (http://l2tpd.graffl.net/threads.html)
> 
> Because I recently posted a message about this. See:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

Yeah, well L2TP was the next choice because I've been fighting trying to
get freeswan working and it just doesn't want to play.  I get the
impression though that Windows 2000 uses IPSec to implement L2TP so I'm
going in circles.

FreeS/WAN just moans about an incomplete ISAKMP SA when I try to make the
IPSec tunnel.
 
> > When I try running l2tpd I get the following message
> > "This binary does not support kernel L2TP."
> 
> It's not really an error. I guess it's more like a reminder
> that one day L2TP support should perhaps be in the kernel.

Oh right.
 
> > How do I set up or disable authentication? What usernames are they based
> > on? The Linux box's users?
> 
> PPP authenticates through the file /etc/ppp/chap-secrets or
> pap-secrets. You can also authenticate users with Linux
> accounts if you specify 'login' as one of the pppd parameters
> (man pppd). Perhaps you can also use other authentication
> mechanisms (PAM). Note that L2TP has its own authentication too,
> but I am not sure if Windows makes use of it.
> 
> > Client                                              Server
> > Virtual 10.0.0.2 ---------------PPP---------------- 10.0.0.1
> > Link             ---------------L2TP---------------
> > Real   123.0.0.2 --------------UDP/IP-------------- 213.0.0.1
> > 
> > Is there something I'm missing from this understanding?
> 
> Yes, do you want encryption or not? If you use this setup,
> there will be no encryption unless you use MPPE/MS-CHAP
> as protocols for PPP. This is what PPTP uses so you might
> just as well go PPTP all the way:
> http://opensource.lineo.com/poptop/
> 
> Or you could tunnel it all through IPSEC (i.e. FreeS/WAN
> on the Linux server). See the link mentioned at the top.
> 

I just want to create a tunnel with virtual interfaces at each end.. I
didn't think it would be so difficult :-/

I was trying to get just IPSec working, but now that I see that L2TP runs
over that, I'm confused.  Doesn't IPSec do the tunneling? Or is it just
encryption between two end-points?

Eventually I want a virtual network where I can have the following:

Client                           Server                 Client
Virtual 10.0.0.2 --------10.0.0.1 <-> 10.0.1.1--------- 10.0.1.2
Real   123.0.0.1 -------------- 213.0.0.1-------------- 231.0.0.1

The clients have to be Win2k/XP unfortunately, and need to communicate with
each other.  I realise this is a bit of an odd setup.
The only other option seems to be PPTP, which is M$ and full of security
problems.  I don't give two hoots about encryption, there's nothing
sensitive going over the virtual network, it would be better without it as
that will give lower overhead.  The eventual setup is going to have
anywhere up to 20-30 clients, if it works.

Thanks for your help.

Stephen
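
Added example, not part of the original message: a Python sketch of the PPP-over-L2TP-over-UDP/IP layering from the diagram quoted above. It shows that without IPsec or MPPE the inner packet is readable in the datagram, and what the layers cost per packet. The header layout follows RFC 2661 data messages; the tunnel/session IDs and the payload are constructed values, and PPP protocol-field compression is assumed to be off.

```python
import struct

# L2TPv2 header flag bits (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
PPP_IPV4 = 0x0021  # PPP protocol number for an IPv4 payload

def l2tp_encap(tunnel_id, session_id, ppp_proto, payload):
    """Wrap a PPP frame in an L2TPv2 data header (L bit set, version 2)."""
    ppp = b"\xff\x03" + struct.pack("!H", ppp_proto) + payload
    length = 8 + len(ppp)  # flags + length + tunnel id + session id + PPP
    return struct.pack("!HHHH", L_BIT | 2, length, tunnel_id, session_id) + ppp

def l2tp_decap(datagram):
    """Parse a data message exactly as a passive observer on the path could."""
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TPv2")
    if flags & T_BIT:
        raise ValueError("control message, not data")
    off = 2
    if flags & L_BIT:
        (length,) = struct.unpack_from("!H", datagram, off)
        if length != len(datagram):
            raise ValueError("length field mismatch")
        off += 2
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    if flags & S_BIT:
        off += 4  # skip Ns/Nr sequence numbers
    if flags & O_BIT:
        (pad,) = struct.unpack_from("!H", datagram, off)
        off += 2 + pad  # skip offset size field and padding
    ppp = datagram[off:]
    if ppp[:2] == b"\xff\x03":  # address/control may be compressed away
        ppp = ppp[2:]
    (proto,) = struct.unpack_from("!H", ppp, 0)
    return tunnel_id, session_id, proto, ppp[2:]

def overhead(wire, inner, outer_ip=20, udp=8):
    """Bytes added per packet by outer IP + UDP + L2TP + PPP (no IPsec)."""
    return len(wire) - len(inner) + outer_ip + udp

if __name__ == "__main__":
    inner = b"constructed inner packet 10.0.0.2 -> 10.0.0.1"
    wire = l2tp_encap(7, 1, PPP_IPV4, inner)
    print(l2tp_decap(wire))        # inner bytes recovered with no key
    print(overhead(wire, inner))   # 40 bytes of encapsulation per packet
```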

