
FreeS/WAN with L2TP install on Debian



I read a lot of docs on setting up an IPSec roadwarrior setup for Win2k/XP
clients. I found the following documents especially useful:
- http://www.natecarlson.com/linux/ipsec-x509.php
- http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

After setting everything up I found that I don't have ipseccmd.exe on
my WinXP box. So I searched the internet again and after some time I found
that I have to install it from the WinXP CD. While this is very annoying for my
users (I have to set up the VPN connection for other users of my system) I
want to enable them to use the Win2k/XP native client (the client that can be
invoked from 'Network Connections' by clicking 'New Connection' and
following the instructions for 'Connect to Network at My Workplace').

So I have some questions ... if anyone can give me any hint, please
do ;) :
- I couldn't find out whether the freeswan and kernel-patch-freeswan that
  come with Debian Woody are enough for my setup (freeswan 1.96-1.4 and
  kernel-patch-freeswan 1.96-1.4). I also couldn't find out whether the kernel
  patch also contains the L2TP patch. Are those two tools OK or do I have to
  compile them manually? Is there an already compiled .deb package?
- I want to use keys for authentication (X.509) because I want to support
  more clients and I don't want to share the same secret between all
  clients. Is it possible to set up Win2k/XP to use such a certificate with
  the native IPSec client (is there any doc showing how to do this, or any
  hint)?
- In the first document mentioned above (first URL) there is a sample
  configuration for ipsec.conf. There is a section 'conn roadwarrior'.
  What do I have to enter instead of 'right=%any' to uniquely identify the
  client on the other end of the connection? (I want to use the same CA
  certificate to sign all the certificates I will issue for various servers
  in my company; however, I don't want a user from one server to be able to
  use the VPN connection of the other server. For this reason I have to allow
  only clients with certain certificates to connect to my FreeS/WAN server.
  Do I have to put the public key that I provide to the client there?)

Regards,
Dezo





