L2TP/IPSec + Racoon
Jiří Adámek [net.consulting]
jadamek at net4you.cz
Fri Apr 29 02:46:52 PDT 2005
I have installed L2TP/IPSec + Racoon on fBSD 5.3. It works perfectly, but
there are some things I want to resolve.
1. I'm using shared_key for authentication of clients. But it has some
disadvantages. Clients are "road warriors", which means that I can't know
their IP in advance. So, is there any way I can add it to the psk.txt file? I
tested 0.0.0.0/0 SECRET_KEY, but it doesn't work :(.
2. Road warrior clients will connect via GPRS, CDMA or from other LANs.
In most cases NAT, firewalls, routers etc. are used. That's a problem for IPSec
...the solution is NAT-T. I think that fBSD 5.3 doesn't support it. I found
in the archive of this list that the CVS version of Racoon (since 220.127.116.11)
supports it. My question is easy: is it usable?
3. Third and last question. Samba 3.X is installed on the fBSD server, and this
server works as a domain controller. SL2TPS is installed as the L2TP daemon,
because the standard L2TP daemon doesn't work on fBSD 5.X. Is it possible to
configure it to authenticate users against the Samba DC?