Bug #475

closed

L2TP is not functional in the way users will expect

Added by Chris Buechler over 14 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: L2TP
Target version: -
Start date: 04/04/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

L2TP appears to be missing the IPsec part: mpd binds on UDP 1701, but it has nothing for ISAKMP; nothing is bound on UDP 500. Clients just fail after attempting to send the ISAKMP phase 1 ident, which gets no response.
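The condition reported above (a listener on UDP 1701 with nothing on UDP 500) can be checked from `sockstat -l` output. The script below is an added example, not part of the ticket or the project's code; the function name `l2tp_ipsec_state` is hypothetical, the sample lines are constructed, and the UDP 4500 (NAT-T) check goes beyond what the ticket describes.

```shell
#!/bin/sh
# Added example: classify the L2TP/IPsec listener state from `sockstat -l`
# output read on stdin. Assumed column layout (FreeBSD sockstat):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
l2tp_ipsec_state() {
    awk '
        $5 ~ /^udp/ {
            n = split($6, parts, ":")       # port is the text after the last colon
            port = parts[n]
            if (port == "1701") l2tp = $2   # remember which daemon owns each port
            if (port == "500")  ike  = $2
            if (port == "4500") natt = $2
        }
        END {
            if (l2tp == "")      print "no-l2tp"
            else if (ike == "")  print "l2tp-without-ike: " l2tp " on udp/1701, nothing on udp/500"
            else if (natt == "") print "l2tp+ike-no-natt: " ike " on udp/500, nothing on udp/4500"
            else                 print "l2tp+ike+natt"
        }'
}

# Constructed sample: the state described in the ticket (mpd only).
SAMPLE_PLAIN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     mpd5       4321  18 udp4   *:1701                *:*
root     syslogd    812   7  udp4   *:514                 *:*'

# Constructed sample: an IKE daemon listening next to mpd.
SAMPLE_IPSEC='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     mpd5       4321  18 udp4   *:1701                *:*
root     racoon     5120  9  udp4   192.0.2.1:500         *:*
root     racoon     5120  10 udp4   192.0.2.1:4500        *:*'

printf '%s\n' "$SAMPLE_PLAIN" | l2tp_ipsec_state
printf '%s\n' "$SAMPLE_IPSEC" | l2tp_ipsec_state
# On a live system: sockstat -l | l2tp_ipsec_state
```

A bound IKE port only shows that a daemon is listening; it does not prove that an IPsec policy actually covers the L2TP traffic.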

Actions #1

Updated by Ermal Luçi over 14 years ago

This is relevant to what is needed to be done.

For further reference read this http://old.nabble.com/IPSec-NAT-T-in-transport-mode-td27240984.html

Actions #2

Updated by Chris Buechler over 14 years ago

  • Subject changed from L2TP is not functional to L2TP is not functional in the way users will expect

Clarifying ticket: it does actually work, but not the way most people are going to expect.

Actions #3

Updated by Ermal Luçi over 14 years ago

Probably this should be closed and a feature request should be opened for a wizard.

Actions #4

Updated by Chris Buechler over 14 years ago

To be consistent with how users expect it to work, and how it works in similar projects, it needs to just automatically add the appropriate IPsec bits. I don't see any need for a wizard.

Actions #6

Updated by Thomas Reagan almost 14 years ago

Hello,

This is functionality that I could really use, and would be happy to assist in any way that I can. However, I am unclear from the bug to date what needs to happen next - is the next step evaluating the relevant settings, building a framework, or what?

If one of the core developers can point me in a direction, I am happy to slug through this.

Thanks,

--tkr

Actions #7

Updated by Chris Buechler almost 14 years ago

L2TP is likely just going to be plain L2TP for 2.0 and we can work out the IPsec bits later. The underlying software doesn't work properly with L2TP+IPsec and it's going to require some heavy lifting development work to fix that. Details in the link Ermal provided in the first comment above.

Actions #8

Updated by Ermal Luçi almost 14 years ago

  • Target version changed from 2.0 to 2.1

This cannot be achieved in the 2.0 timeframe.

Actions #10

Updated by Dim Hatz almost 13 years ago

Another related link:

Howto set up a L2TP/IPsec VPN Dial-In Server (Part I to III)
http://forums.freebsd.org/showthread.php?t=26755

Actions #11

Updated by Carsten Zimmermann about 12 years ago

Are there any updates on this regarding the 2.1 release? I'm running the 2.1 beta (build: Fri Nov 16 04:26:21 EST 2012) and there is indeed no IKE daemon running after enabling L2TP.

(Also, is there a recommended approach to do this manually without 'disturbing' the web-based mpd configuration?)

Actions #12

Updated by Jim Pingle about 12 years ago

There is still no way to do this with or without the GUI. It still requires patches to the software (ipsec-tools/racoon) that we have not yet made.

Actions #13

Updated by Chris Buechler almost 12 years ago

  • Target version deleted (2.1)

Actions #14

Updated by Slava Bendersky over 10 years ago

Why not stop using racoon? Why not start using libreswan, based on netkey or klips? Libreswan is a much, much more suitable solution for IPsec than racoon. I am talking from my experience.

Actions #15

Updated by Slava Bendersky over 10 years ago

Slava Bendersky wrote:

Just stop using racoon? Why not start using libreswan, based on netkey or klips? Libreswan is a much, much more suitable solution for IPsec than racoon. I am talking from my experience.

Actions #16

Updated by Ermal Luçi over 10 years ago

  • Status changed from New to Closed

This is possible on 2.2.
So this can be considered closed.
