[strongSwan] Config to make it work with "Use certificate for authentication" L2TP option of windows
RA
ss17 at fea.st
Tue Oct 24 07:48:31 CEST 2017
Hi.
I was able to configure strongswan + xl2tpd to make windows in-built VPN
client connect to it using:
1) Plain L2TP (directly to xl2tpd)
2) L2TP/IPSec with PSK (after creating some IPtables rules for xl2tpd)
Now as we know PSK isn't very secure, I intend to use other
authentication method provided for IPSec/L2TP in windows VPN client:
"Use certificate for authentication". As the interface says, it
probably tries to work like the XAUTH/Hybrid mode of Android by
validating the certificate provided by server. But when I select this
mode in windows instead of PSK, the client tries to connect only to port
1701 directly instead of 500, 4500 etc. And as direct access to xl2tpd
is prevented by firewall, the connection doesn't work.
Is there any workaround for this, short of recommending IKEv2 instead of
L2TP?
Thanks & Regards.
Ron
More information about the Users
mailing list