Hi. I was able to configure strongSwan + xl2tpd to make the Windows in-built VPN client connect to it using:

1) Plain L2TP (directly to xl2tpd)
2) L2TP/IPSec with PSK (after creating some iptables rules for xl2tpd)

Now, as we know PSK isn't very secure, I intend to use the other authentication method provided for IPSec/L2TP in the Windows VPN client: "Use certificate for authentication". As the interface says, it probably tries to work like the XAUTH/Hybrid mode of Android by validating the certificate provided by the server. But when I select this mode in Windows instead of PSK, the client tries to connect only to port 1701 directly instead of 500, 4500 etc. And as direct access to xl2tpd is prevented by the firewall, the connection doesn't work.

Is there any workaround for this, short of recommending IKEv2 instead of L2TP?

Thanks & Regards.
Ron
