After reading Jacco de Leeuw's great documentation at http://www.jacco2.dds.nl/networking/freeswan-l2tp.html, I have a working openswan/l2tp server running on Debian unstable (sid) using certificates for authentication. The clients are all Windows XP SP2 using the built-in vpn client.
Hi,
in IPsec tunnel mode you can provide a list of 'inside' networks reachable through your IPsec gateway. IIRC, windows uses IPsec transport mode for VPN dialup, where this feature does not apply. Neither L2TP nor PPP have any options for this.
If you must use the dialup vpn client, you will have to use static routing (don't know if/how you can associate a static route to a dialup vpn connection) or use a routing protocol through the ppp connection.
Perhaps you could use IPsec in tunnel mode, without l2tpd/pppd, as you are already using certificates (although you lose the individual user authentication, the certificate only authenticates the machine)
Regards, Matthias
