Date:      Thu, 29 Dec 2005 09:50:47 +0300
From:      Alexey Popov <llp@iteranet.com>
To:        VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
Cc:        freebsd-net@freebsd.org, Brian Candler <B.Candler@pobox.com>
Subject:   Re: IPSEC documentation
Message-ID:  <43B38747.1060906@iteranet.com>
In-Reply-To: <20051228164339.GB3875@zen.inc>
References:  <20051228143817.GA6898@uk.tiscali.com>	<001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca>	<20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc>

Hi.

VANHULLEBUS Yvan wrote:
>>- L2TP + IPSEC transport mode (= Windows road warrior)
> Did someone try such a setup?
> Is there an L2TPD daemon running on FreeBSD which could be used for
> that?
I'm successfully using security/racoon and net/sl2tps with Windows 
XP/2003 L2TP clients. I've tried pre-shared key as well as X.509 
certificates auth.

> Note also that, for now, this won't work easily, as it will require
> dynamic SP entries (roadwarriors....), but I think racoon currently
> can't deal with dynamic policies when ports specified (I'll check
> that).
racoon has a passive_mode option. When it is enabled, racoon can create 
SPD entries for road warriors.

If we also had NAT-T support, FreeBSD would be the best choice 
of VPN concentrator.

With best regards,
Alexey Popov


