I was wondering if anyone saw any obvious problems with this kind of a setup that I may have overlooked:
I followed Jacco de Leeuw's howto
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
on using L2TP over IPsec to get a Windows XP client to talk to a FreeSWAN box. Then I disabled IPsec on the Windows XP client's L2TP/IPsec connection and created a RAS connection package using the Connection Manager Administration Kit that calls Marcus Müller's IPsec tool (http://vpn.ebootis.de/) to build the IPsec tunnel between the client and the FreeSWAN box before establishing the L2TP connection. I had to do this because the WinXP client uses transport mode, and my L2TP packets were being passed with the wrong source IP address when I was behind a box doing NAT with IPsec passthrough enabled. After the L2TP connection is established, pppd authenticates the Windows user against a Windows 2000 RADIUS server. It actually all works really well, and all the end user has to worry about is having a machine certificate and a valid Windows logon.
Chris Teachworth
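Added example (not from the post, and not Jacco de Leeuw's howto verbatim): a server-side FreeSWAN ipsec.conf conn for the transport-mode L2TP/IPsec leg of a setup like this, with machine-certificate authentication. The address, certificate file name and CA handling are assumptions; FreeSWAN needs the X.509 patch for the cert-related keywords.

```ini
# Added example (not from the post). Server side: IPsec transport-mode SA that
# protects only the L2TP traffic (UDP 1701) between a Windows client and this box.
# Address and file names are placeholders.
conn l2tp-x509
    # Transport mode keeps the original IP header on the outside. A NAT box
    # rewriting that header is what produced the "wrong source IP" L2TP packets
    # the post describes, so the NAT-side workaround lives on the client.
    type=transport
    authby=rsasig
    left=192.0.2.10               # FreeSWAN box public address (placeholder)
    leftcert=vpnserver.pem        # server certificate in /etc/ipsec.d/certs
    leftrsasigkey=%cert
    leftprotoport=17/1701         # select only L2TP (UDP 1701) for this SA
    right=%any                    # any client presenting a valid machine certificate
    rightrsasigkey=%cert
    rightca=%same                 # client cert must chain to the same CA as ours
    rightprotoport=17/1701        # use 17/%any if a NAT rewrites the client's port
    pfs=no                        # Windows IKE client does not use PFS in quick mode
    keyingtries=3
    auto=add                      # wait for the client to initiate
```

Once this SA is up, l2tpd and pppd handle the L2TP session and the RADIUS logon exactly as the post describes.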
Received on Fri Apr 11 16:47:09 2003