setting up a l2tp over ipsec client
J.Witvliet at mindef.nl
J.Witvliet at mindef.nl
Thu Apr 23 14:36:04 UTC 2020
Hi Stan,
If you have a text-book example, or full access to firewalls at each end, strongswan is a nice choice, and most configs are covered in examples on their website. Furthermore, many products “do IPSec”.
Otherwise openvpn is proven and trusted technology. Capable of punching firewalls using http-encapsulation.
From: "Karl Auer" <kauer at biplane.com.au<mailto:kauer at biplane.com.au>>
Date: Wednesday, 22 April 2020 at 00:59:05
To: "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com<mailto:ubuntu-users at lists.ubuntu.com>>
Subject: Re: setting up a l2tp over ipsec client
On Tue, 2020-04-21 at 14:28 -0400, stan wrote:
> I have been working for the last couple of days
> trying to get (what I believe I need) which is
> an l2tp over ipsec client. I believe what I
Hullo Stan.
IPSec is great for nailed-up router-to-router VPNs, or if you have
ready-to-go corporate software at both ends. It's also the gold
standard for security, alleged NSA cracks notwithstanding, but it's not
for the fainthearted.
https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol
https://en.wikipedia.org/wiki/IPsec
For road warrior type usage, I'd go for OpenVPN, which MikroTik
supports. Someone recommended WireGuard. WireGuard is still pretty new;
if you have larger responsibilities I would avoid it for a year or two
yet.
Another alternative if you have few, but skilled, users, is to use ssh
tunnelling via the MikroTik. To access a webserver on your private
network:
ssh -N -f -L 8000:your_inside_host:80 fred at mikrotik
.. then connect to localhost:8000 in your browser.
Or give sshuttle a spin :-)
https://www.techrepublic.com/article/how-to-use-ssh-as-a-vpn-with-sshut
tle/
Regards, K.
PS: Yes, L2TP runs over IPSec in L2TP/IPSec. IPSec secures the
connection, then L2TP provides a tunnel. So it's a tunnel in a tunnel
:-)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170
Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
--
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20200423/fdb85d8a/attachment.html>
More information about the ubuntu-users
mailing list