<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div>Hi Stan,</div>
<div><br>
</div>
<div>If you have a text-book example, or full access to firewalls at each end, strongSwan is a nice choice, and most configs are covered in examples on their website. Furthermore, many products “do IPSec”.</div>
<div>Otherwise OpenVPN is proven and trusted technology, capable of punching firewalls using HTTP encapsulation.</div>
<div><br>
</div>
<div style="border:none; border-top:solid #B5C4DF 1.0pt; padding:3.0pt 0 0 0">
<div><br>
<b>From: </b>"Karl Auer" &lt;<a href="mailto:kauer@biplane.com.au">kauer@biplane.com.au</a>&gt;<br>
<b>Date:</b> Wednesday, 22 April 2020 at 00:59:05<br>
<b>To: </b>"Ubuntu user technical support, not for general discussions" &lt;<a href="mailto:ubuntu-users@lists.ubuntu.com">ubuntu-users@lists.ubuntu.com</a>&gt;<br>
<b>Subject:</b> Re: setting up a l2tp over ipsec client</div>
</div>
<br>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">On Tue, 2020-04-21 at 14:28 -0400, stan wrote:<br>
> I have been working for the last couple of days<br>
> trying to get (what I believe I need) which is<br>
> an l2tp over ipsec client. I believe what I <br>
<br>
Hullo Stan.<br>
<br>
IPSec is great for nailed-up router-to-router VPNs, or if you have<br>
ready-to-go corporate software at both ends. It's also the gold<br>
standard for security, alleged NSA cracks notwithstanding, but it's not<br>
for the fainthearted.<br>
<br>
<a href="https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol">https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol</a><br>
<a href="https://en.wikipedia.org/wiki/IPsec">https://en.wikipedia.org/wiki/IPsec</a><br>
<br>
For road warrior type usage, I'd go for OpenVPN, which MikroTik<br>
supports. Someone recommended WireGuard. WireGuard is still pretty new;<br>
if you have larger responsibilities I would avoid it for a year or two<br>
yet.<br>
<br>
Another alternative if you have few, but skilled, users, is to use ssh<br>
tunnelling via the MikroTik. To access a webserver on your private<br>
network:<br>
<br>
ssh -N -f -L 8000:your_inside_host:80 fred@mikrotik<br>
<br>
.. then connect to localhost:8000 in your browser.<br>
<br>
Or give sshuttle a spin :-)<br>
<br>
<a href="https://www.techrepublic.com/article/how-to-use-ssh-as-a-vpn-with-sshuttle/">https://www.techrepublic.com/article/how-to-use-ssh-as-a-vpn-with-sshuttle/</a><br>
<br>
Regards, K.<br>
<br>
PS: Yes, L2TP runs over IPSec in L2TP/IPSec. IPSec secures the<br>
connection, then L2TP provides a tunnel. So it's a tunnel in a tunnel<br>
:-)<br>
<br>
-- <br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Karl Auer (kauer@biplane.com.au)<br>
<a href="http://www.biplane.com.au/kauer">http://www.biplane.com.au/kauer</a><br>
<a href="http://twitter.com/kauer389">http://twitter.com/kauer389</a><br>
<br>
GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170<br>
Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D<br>
<br>
</div>
</span></font><br>
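<div>An added example, not part of either message: the ssh port forward from Karl's message, wrapped so that it listens only on loopback, refuses to background if the forward cannot be set up, and can be torn down through a control socket. fred@mikrotik, your_inside_host and ports 8000/80 come from the message; the function names and the socket path are assumptions.</div>
<pre>
```shell
#!/bin/sh
# Added example (not from the original thread): a managed form of
#   ssh -N -f -L 8000:your_inside_host:80 fred@mikrotik
# Assumptions: function names and the control-socket location are made up here.

GATEWAY="fred@mikrotik"                 # gateway login, as in the message
CTL_DIR="${CTL_DIR:-$HOME/.ssh}"        # where control sockets live (assumed)

# valid_port PORT MIN: digits only, no leading zero, MIN..65535.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# valid_host NAME: plain host characters only and no leading dash, so the
# value can never be parsed by ssh as an option or split into extra words.
valid_host() {
  case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# tunnel up|print LOCAL_PORT INSIDE_HOST INSIDE_PORT
#   print: show the ssh command that would run; up: run it.
tunnel() {
  mode=$1 lport=$2 host=$3 rport=$4
  valid_port "$lport" 1024 && valid_host "$host" && valid_port "$rport" 1 || return 1
  # -M/-S: control socket for later teardown.
  # ExitOnForwardFailure: do not linger in the background without a forward.
  # 127.0.0.1: listen on loopback only, never on other interfaces.
  set -- ssh -N -f -M -S "$CTL_DIR/tunnel-$lport.sock" \
      -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:$lport:$host:$rport" "$GATEWAY"
  if [ "$mode" = print ]; then echo "$*"; else "$@"; fi
}

# tunnel_down LOCAL_PORT: ask the backgrounded master to exit.
tunnel_down() {
  valid_port "$1" 1024 || return 1
  ssh -S "$CTL_DIR/tunnel-$1.sock" -O exit "$GATEWAY"
}

# Usage: tunnel up 8000 your_inside_host 80   (then browse to localhost:8000)
#        tunnel_down 8000
```
</pre>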
</body>
</html>