In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] ("Bryan Irvine") writes:
> Also[1], there may be the need for an occasional connection from users
> just using the windows vpn client. Anybody doing this? I rarely even
> see windows so I'm not sure what to look for there.
> Do I need to import a key of some sort, or set authentication somehow?
My understanding is, if you want to support the simple connection
of Windows clients, using the built-in VPN connector (eg. control
panel -> network -> make new connection -> VPN -> L2TP), the
server side needs:
1. IPSec VPN transport mode, most likely with dynamic IP endpoint
2. L2TP tunneling daemon
3. PPP daemon
You will also need NAT traversal in the server and client IPSec
implementation, if the client is connecting from behind a NAT
firewall/device.
2000 and XP will support NAT traversal with the right service
packs, OpenBSD 4.0, according to my checking of man pages this
evening, should support NAT-T too.
2000 and XP will support authentication using X.509 (ie. SSL
like) certificates, only XP will support PSK (pre-shared-key).
This is from my recent research of trying to get this working
with Debian, but I gave up because the server versions of s/w
I was using didn't support NAT-T, AFAICS. I've not tried it
with OpenBSD, yet.
All AIUI, some of that could be wrong as I've not had it
working yet.
-Paul-
