I've managed to set up tunnels (X.509 auth) between the office network and an OpenBSD machine (both with dynamic IPs) by using:

/etc/ipsec.conf on the DMZ/LAN firewall:

    ike passive esp from 10.17.18.0/24 to any \
        srcid vpn.foobar.org dstid vpn-client.foobar.org

I also managed to use npppd for L2TP (iOS and OS X clients) by using:

    ike passive esp transport proto udp \
        from pppoe0 (10.17.19.0/24) to any port 1701 \
        main auth "hmac-sha1" enc "3des" group modp1024 \
        quick auth "hmac-sha1" enc "aes" group none \
        psk "..."

on the office gateway's /etc/ipsec.conf (and the appropriate npppd.conf, of course).

Again, I've managed to get both setups working perfectly, separately. My question is: (how) can I set up both X.509 IPSec and L2TP/npppd simultaneously? I can't have both entries in the same ipsec.conf file since they both refer to the 'default peer', so I guess I should either run two instances of isakmpd (different ports, different fifo), which sounds messy, or use relayd, of which my current knowledge amounts to the first paragraph of the man page.

Does anyone have such a setup?

TIA
Zé