Date: Fri, 29 Apr 2005 11:47:31 +0200
From: "mytrix" <mytrix@net4you.cz>
To: <freebsd-net@freebsd.org>
Subject: L2TP/IPSec + Racoon
Message-ID: <20050429094825.21DA950855@phoenix.net4you.cz>

Hi,

I have installed L2TP/IPSec + Racoon on fBSD 5.3. It works perfectly, but there are some things which I want to resolve.

1. I'm using shared_key for authentication of clients. But it has some disadvantages. The clients are "road warriors", which means that I can't know their IPs in advance. So, is there any way I can add them to the psk.txt file? I tested 0.0.0.0/0 SECRET_KEY, but it doesn't work :(.

2. Road warrior clients will connect via GPRS, CDMA or from other LANs. In most cases NAT, firewalls, routers etc. are used. That's a problem for IPSec ... the solution is NAT-T. I think that fBSD 5.3 doesn't support it. I found in the archive of this list that the CVS version of Racoon (since 1.1.1.2) (http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/ ) supports it. My question is simple: is it usable?

3. Third and last question. Samba 3.X is installed on the fBSD server, and this server works as a domain controller. SL2TPS is installed as the L2TP daemon, because the standard L2TP daemon doesn't work on fBSD 5.X. Is it possible to configure it to authenticate users against the Samba DC?

Thx.
mytrix