From owner-freebsd-net@FreeBSD.ORG Fri Apr 29 09:47:39 2005
From: "mytrix" <mytrix@net4you.cz>
To: freebsd-net@freebsd.org
Date: Fri, 29 Apr 2005 11:47:31 +0200
Subject: L2TP/IPSec + Racoon
Message-Id: <20050429094825.21DA950855@phoenix.net4you.cz>
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I have installed L2TP/IPSec + Racoon on fBSD 5.3. It works perfectly, but there are some things which I want to resolve.

1. I'm using shared_key for authentication of clients. But it has some disadvantages. Clients are "road warriors", and it means that I can't know their IP in advance. So, is there any way how I can add it to the psk.txt file? I tested 0.0.0.0/0 SECRET_KEY, but it doesn't work :(.

2. Road warrior clients will connect via GPRS, CDMA or from other LANs. In most cases NAT, firewall, router etc. are used. It's a problem for IPSec ... the solution is NAT-T. I think that fBSD 5.3 doesn't support it. I found in the archive of this list that the CVS version of Racoon (since 1.1.1.2) (http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/ ) supports it. My question is easy: is it usable?

3. Third and last question. On the fBSD server Samba 3.X is installed and this server works as domain controller. As L2TP daemon SL2TPS is installed, because the standard L2TP daemon doesn't work on fBSD 5.X. Is it possible to configure it to authenticate users against the Samba DC?

Thx.
mytrix
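Questions 1 and 2 above are about the same configuration file, so here is an added example of the relevant racoon.conf section. It is not from the post, from any reply, or from the racoon project's own documentation; it assumes the ipsec-tools racoon the post links to (the `nat_traversal`, `generate_policy` and `remote anonymous` directives are assumed to exist in that version), and the path and hostname are hypothetical. The point it illustrates: racoon looks pre-shared keys up by peer address only in main mode, which is why an address wildcard like 0.0.0.0/0 does not match; with aggressive mode the client sends an identifier (an e-mail style `user_fqdn` or an `fqdn`), and psk.txt is then keyed by that string, so each road warrior gets its own key without its address being known in advance.

```conf
# racoon.conf fragment for pre-shared-key road warriors.
# Added example, not the poster's or the project's own configuration.
# Assumed: ipsec-tools racoon; the directive names are assumptions for that version.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";   # hypothetical path

remote anonymous {
        # Accept IKE phase 1 from any address: the peer is matched by the
        # identifier it sends, not by its source IP.
        exchange_mode aggressive, main;
        my_identifier fqdn "vpn.example.com";   # hypothetical server name
        passive on;              # server side: never initiate towards unknown peers
        generate_policy on;      # build the SPD entry from what the client proposes
        nat_traversal on;        # negotiate UDP encapsulation (RFC 3947) when a NAT is detected
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des, aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

The matching psk.txt then holds one line per client, identifier first and key second, for instance `alice@example.com <long random secret>` (constructed entry), and the client sets `my_identifier user_fqdn "alice@example.com"`. Per-client keys matter beyond convenience: a single key shared by every road warrior means one lost laptop exposes the whole group, and a key revoked in psk.txt cuts off exactly one client. Aggressive mode exposes the PSK-derived hash to offline guessing, so the secret in psk.txt must be long and random rather than a word. `nat_traversal on` only covers the IKE side; the kernel must also support ESP-in-UDP on port 4500 for traffic through a NAT, which is the part the post says FreeBSD 5.3 lacks. Check that both halves are present with `setkey -D` after a client connects: an SA negotiated through a NAT shows UDP encapsulation in its flags.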