l2tp or pptp?

Post by piotr szafarczy » Fri, 28 Dec 2001 06:49:11



i'm trying to allow users to connect to a network using internet. so far i
configured a test server to accept ipsec connections (esp). the server and a
client negotiate successfully and transmission is encrypted. the problem is
when a client connects from a network using nat. as i understand the problem
is because netstat -rn -f encap shows the real ip address of the client but
packets are sent to an ip of a nat machine. client sends packets encrypted
and my server responds in clear text. nat machine drops the responses since
it cannot match them with client's communication (and i don't want
unencrypted communication).

is there anything i could do to solve the problem? what i really want to
achieve is to treat a client as a machine working in my lan.
is there a l2tp or pptp server i could run on an openbsd machine? or maybe
i'm missing something and i could have what i want with just ipsec?
--
piotr

Post by ../ » Sun, 06 Jan 2002 10:16:36



> i'm trying to allow users to connect to a network using internet. so far i
> configured a test server to accept ipsec connections (esp). the server and a
> client negotiate successfully and transmission is encrypted. the problem is
> when a client connects from a network using nat. as i understand the problem
> is because netstat -rn -f encap shows the real ip address of the client but
> packets are sent to an ip of a nat machine. client sends packets encrypted
> and my server responds in clear text. nat machine drops the responses since
> it cannot match them with client's communication (and i don't want
> unencrypted communication).
>
> is there anything i could do to solve the problem? what i really want to
> achieve is to treat a client as a machine working in my lan.
> is there a l2tp or pptp server i could run on an openbsd machine? or maybe
> i'm missing something and i could have what i want with just ipsec?
> --
> piotr

I know you can run a pptp on OpenBSD. I forget though if it's a pptpd or a
pptp client? I think it's in ports, and there might have been an article

As for l2tp, I personally haven't looked into that yet as I'm using IPSec.

As for the main question, sorry I missed too much to understand as I haven't
slept in three days.. I'll try to read it over again if I sleep this week
and get back to you on that. ;)