On Mon, Nov 13, 2006 at 01:08:52PM -0800, Tom Eastep wrote:
> Ruben Moretti wrote:
> > Uuuppss sorry.
> > Alcohol lacking at work is not good :-)
> > Thanks
>
> It is my understanding that the way that Microsoft's IPSEC/L2TP works is as
> follows:
>
> a) First an IPSEC SA is negotiated between the endpoints.
> b) The client then initiates an L2TP (UDP 1701) session through the tunnel and
> will tunnel all of the VPN traffic through L2TP. So the only traffic to/from
> your remote ipsec zone will be L2TP.
> c) The L2TP client or server that you run on the Shorewall box will create a ppp
> interface. It is through that interface that the real VPN traffic flows.
That's right - I used to have one of these set up. It is ugly and a real pain to get working. Trying to configure ipsec correctly on Windows is particularly agonising.

Unless you're trying to get domain logons to work over the vpn tunnel (and frankly, this is not a good idea - Windows does not handle it very well), do yourself a favour and use openvpn instead. The firewall configuration is simpler and the client side is much less insane.

As far as I can tell, it doesn't work any better if you use a Windows box as the gateway, either. I suspect that their VPN support is only present because they wanted to say that they had it.

Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
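As an added illustration of the three-step flow quoted above (this is not configuration from the original thread or from the Shorewall project, and it assumes a Shorewall 3.x column layout, an Internet interface eth0, a LAN interface eth1 and zone names vpn and ppp that are all assumptions about the administrator's setup), here is the shape the zone, interface, hosts and rule entries take when L2TP is gated on the IPsec SA. The security-relevant point is that UDP 1701 is accepted only from the ipsec-type zone, which Shorewall matches with the netfilter policy match, so plaintext L2TP arriving from the Internet falls through to the net->fw policy instead of reaching the L2TP daemon. Only IKE (UDP 500), NAT-Traversal (UDP 4500) and ESP (protocol 50) are accepted in the clear, because they are what set up the SA.

```text
# /etc/shorewall/zones            (assumed: Shorewall 3.x layout)
#ZONE   TYPE      OPTIONS   IN_OPTIONS   OUT_OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipsec                     # step a) the far end of the IPsec SA
ppp     ipv4                      # step c) the ppp interface L2TP creates

# /etc/shorewall/interfaces       (eth0/eth1 are assumed names)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
ppp     ppp+        -

# /etc/shorewall/hosts
# Road warriors may come from any address. Because vpn is an ipsec-type
# zone, a packet only counts as "vpn" if it arrived inside an IPsec SA.
#ZONE   HOST(S)            OPTIONS
vpn     eth0:0.0.0.0/0

# /etc/shorewall/rules
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
# The SA itself is negotiated in the clear: IKE, NAT-T and ESP.
ACCEPT   net     $FW   udp    500,4500
ACCEPT   net     $FW   50
# step b) L2TP is accepted from the vpn zone ONLY, never from net.
# UDP 1701 that did not arrive through the SA is plaintext and is
# handled by the net->fw policy (normally DROP) rather than this rule.
ACCEPT   vpn     $FW   udp    1701
# The real VPN traffic flows over ppp+, so it gets its own rules.
ACCEPT   ppp     loc
```

Check the result with `shorewall check` and, once the tunnel is up, confirm with `shorewall show` that the vpn->fw chain carries a `policy match dir in pol ipsec` test on the UDP 1701 rule; if the 1701 rule appears in the net->fw chain instead, the zone type or the hosts entry is wrong and cleartext L2TP would be reachable from the Internet.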
