News: This forum is now permanently frozen.
Pages: [1]
Topic: Open VPN, and L2TP over IPsec  (Read 4267 times)
« on: April 12, 2014, 16:16:29 »
Lee Sharp *****
Posts: 517

So, I have had a few users with Chrombooks ask.  And today there was the tearful goodbye on the mailing list...

So I was wondering if anyone was looking at OpenVPN or L2TP over IPsec right now?  I am willing to help, but it has been a while since I was really deep in the code, and I do not want to duplicate effort.
« Reply #1 on: April 22, 2014, 11:26:34 »
brushedmoss ****
Posts: 446

Hi Lee,  I was looking at l2tp/ipsec, it's definately possible, but will need a bunch of patches  like


AND  probably more

also if m0n0wall is behind NAT I suspect it will need new patches too.

Alternatively, if you want to just use xauth and not l2tp for user auth, this would be easier, but wouldn't cover windows clients natively and would require patching of mpd to use a file for auth

PPTP is the best solution but due to the weakness in cracking auth with sniffed sessions, is too weak.  it may be worth mitigating this weakness using one time passwords like google authenticator
« Reply #2 on: April 22, 2014, 23:29:10 »
Lee Sharp *****
Posts: 517

Note that Chromebook ONLY supports OpenVPN or L2TP over IPsec.  There is no other option without rooting it.  And the covering of Windows and Mac clients is a feature that can not be overlooked.
« Reply #3 on: May 22, 2014, 23:58:13 »
mikeboss *
Posts: 11

now that PPTP became a nogo, L2TP over IPSec is the only option which is supported by Windows and OS X out of the box. for me, it's crucial that there's no need to install additional VPN client software on the roadwarrior's PC/Mac. I only found one firewall (available for free) that can do this: Sophos UTM. I got the VPN up and running within minutes. I read that it's possible with pfSense, too. but I never got it to work... I love m0n0wall and would like to see L2TP over IPSec running on it!

« Reply #4 on: July 05, 2014, 00:31:28 »
brushedmoss ****
Posts: 446

I have lot of the work done to support ipsec/l2tp , there are a lot of patches required for freebsd, particularly around NAT support with ipsec.

Unfortunately I am not getting as much time as I would like to work on it, but hopefully I will have something soon !
« Reply #5 on: July 05, 2014, 04:13:13 »
Lee Sharp *****
Posts: 517

I have been moving (after 6 years in this place) and have had no free time, but in a couple weeks I will have more time available to help.
« Reply #6 on: August 08, 2014, 16:20:42 »
thuety *
Posts: 34

I'd love to see OpenVPN support Smiley
« Reply #7 on: November 18, 2014, 09:48:31 »
whosername *
Posts: 9

Any news on this on a possible ETA on this?

Would love to see it!!!
Pages: [1]
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines