From owner-freebsd-net@FreeBSD.ORG Thu Dec 29 06:50:49 2005
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C24D716A41F for ; Thu, 29 Dec 2005 06:50:49 +0000 (GMT) (envelope-from llp@iteranet.com)
Received: from eva.iteranet.ru (eva.iteranet.ru [212.74.231.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id DDD5743D48 for ; Thu, 29 Dec 2005 06:50:48 +0000 (GMT) (envelope-from llp@iteranet.com)
Received: from [10.1.41.116] ([10.1.44.45]) by eva.iteranet.ru (8.13.1/8.13.1) with ESMTP id jBT6ofA9025431; Thu, 29 Dec 2005 09:50:41 +0300 (MSK) (envelope-from llp@iteranet.com)
Message-ID: <43B38747.1060906@iteranet.com>
Date: Thu, 29 Dec 2005 09:50:47 +0300
From: Alexey Popov
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050419)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: VANHULLEBUS Yvan
References: <20051228143817.GA6898@uk.tiscali.com> <001401c60bc0$a3c87e90$1200a8c0@gsicomp.on.ca> <20051228153106.GA7041@uk.tiscali.com> <20051228164339.GB3875@zen.inc>
In-Reply-To: <20051228164339.GB3875@zen.inc>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 (eva.iteranet.ru [212.74.231.163]); Thu, 29 Dec 2005 09:50:42 +0300 (MSK)
X-Virus-Scanned: ClamAV 0.87.1/1219/Thu Dec 29 01:57:59 2005 on eva.iteranet.ru
X-Virus-Status: Clean
Cc: freebsd-net@freebsd.org, Brian Candler
Subject: Re: IPSEC documentation
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 29 Dec 2005 06:50:49 -0000

Hi.

VANHULLEBUS Yvan wrote:
>> - L2TP + IPSEC transport mode (= Windows road warrior)
> Did someone try such a setup?
> Is there an L2TPD daemon running on FreeBSD which could be used for
> that?

I'm successfully using security/racoon and net/sl2tps with Windows
XP/2003 L2TP clients. I've tried pre-shared key as well as X.509
certificate auth.

> Note also that, for now, this won't work easily, as it will require
> dynamic SP entries (roadwarriors....), but I think racoon currently
> can't deal with dynamic policies when ports specified (I'll check
> that).

racoon has a passive_mode option. When it is enabled, racoon can create
SPD entries for road warriors.

If we also had NAT-T support, FreeBSD would be the best choice of VPN
concentrator.

With best regards,
Alexey Popov
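As an added illustration of the setup Alexey describes (this is not a configuration he posted, and not from the racoon or sl2tps projects), the following is the shape of a racoon.conf that accepts L2TP/IPsec road-warrior clients in transport mode. In racoon.conf the relevant keywords are `passive on` (respond only, never initiate) and `generate_policy on` (racoon installs the SPD entries for the negotiated SA itself, so no static spdadd per client is needed). The certificate directory, file names and algorithm choices below are assumptions chosen to match Windows XP/2003 era defaults.

```conf
# Added example, not from the original message.
# Certificate path and file names are placeholders.
path certificate "/usr/local/etc/racoon/certs";

# "anonymous" matches any peer: road warriors have no fixed address.
remote anonymous {
        exchange_mode main;
        # Only answer IKE negotiations started by clients; never initiate.
        passive on;
        # Let racoon create the SPD entries for each client's transport-mode SA.
        # With "anonymous" this installs policy for any peer that authenticates,
        # so verify_cert must stay on and the CA in "path certificate" must be
        # limited to the one that issues client certificates.
        generate_policy on;
        # Accept the client's proposed lifetimes instead of requiring an exact match.
        proposal_check obey;
        # X.509 authentication; the two file names are placeholders.
        certificate_type x509 "server.crt" "server.key";
        my_identifier asn1dn;
        verify_cert on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group modp1024;
        }
}

# Phase 2 parameters offered to any client; the ESP SA protects the
# UDP/1701 L2TP traffic that sl2tps then terminates.
sainfo anonymous {
        pfs_group modp1024;
        encryption_algorithm 3des, aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

For pre-shared key authentication instead of certificates, `authentication_method` becomes `pre_shared_key` and the certificate lines are replaced by a `path pre_shared_key` entry; with `anonymous` all clients then share one key, which is the usual reason to prefer the certificate variant on a concentrator. Checking that the dynamically generated entries appeared after a client connects is done with `setkey -DP`.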