Hello misc.
Recently, I needed to set up L2TP/IPsec for some IP phones to reach my
network.
So, the L2TP part is no trouble at all with npppd, but the IPsec part
is harder to understand.
After reading the ipsec and ipsec.conf man pages,
I tried to add just one line:
ike passive from my.ga.te.ip to any psk "mykey"
but this didn't work.
After some googling, I found this line:
ike passive esp transport \
proto udp from 1.2.3.4 to any port 1701 \
main auth "hmac-sha1" enc "3des" group modp1024 \
quick auth "hmac-sha1" enc "aes" \
psk "password"
It was found on undeadly.org.
I need help to understand how it even works.
1) Why does somebody use "transport" here and somebody use "tunnel"? I
myself tried "transport" and it works. Then, what is the difference for
L2TP?
2) The ipsec.conf man page says that "esp" is the default. But if I omit this
option, it stops working with an error like: PAYLOAD_MALFORMED.
3) And the most difficult for me to understand: why do all the howtos use
this fragment:
proto udp from my.ga.te.ip to any port 1701 ??
The ipsec.conf man page says: from src [port sport] [(srcnat)] to dst [port
dport]
So this line declares a tunnel where our gate uses any port and our
expected remote client uses port 1701?? Why does this even work?
Thank you in advance for help!
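To make the grammar in question 3 concrete, here is a small parser for the subset of the ipsec.conf `ike` rule syntax that appears in the post above. It is an added example, not the poster's configuration and not OpenBSD's own ipsec.conf parser. It follows the `from src [port sport] [(srcnat)] to dst [port dport]` form quoted from the man page, so a `port` keyword that comes after `to` is attached to the destination, and the source port stays unspecified; it also fills in the defaults for the encapsulation (`esp`) and transport mode (`tunnel`), which is my reading of ipsec.conf(5) and should be checked against the man page on your release. Both rules from the post are embedded as sample input.

```python
import re
import shlex

# Sample input: the two rules quoted in the post (addresses and keys are
# placeholders copied from the post, not real values).
SHORT_RULE = r'''ike passive from my.ga.te.ip to any psk "mykey"'''

UNDEADLY_RULE = r'''ike passive esp transport \
proto udp from 1.2.3.4 to any port 1701 \
main auth "hmac-sha1" enc "3des" group modp1024 \
quick auth "hmac-sha1" enc "aes" \
psk "password"'''

MODES = ("active", "passive", "dynamic")
ENCAPS = ("esp", "ah")
TMODES = ("tunnel", "transport")


def parse_ike_rule(text):
    """Parse one ipsec.conf 'ike' rule (the subset used for L2TP/IPsec).

    Returns a dict with the rule's mode, encapsulation, transport mode,
    protocol, flow endpoints and ports, phase 1/2 transforms and PSK.
    Defaults for encap (esp) and tmode (tunnel) are my reading of
    ipsec.conf(5); verify against the man page of your release.
    """
    # Join backslash-newline continuations into a single logical line.
    line = re.sub(r"\\\s*\n\s*", " ", text.strip())
    toks = shlex.split(line)  # strips the double quotes around values
    if not toks or toks[0] != "ike":
        raise ValueError("not an ike rule")

    rule = {
        "mode": "active", "encap": "esp", "tmode": "tunnel", "proto": None,
        "src": None, "sport": None, "srcnat": None, "dst": None, "dport": None,
        "main": {}, "quick": {}, "psk": None,
    }
    i, n = 1, len(toks)

    # Optional leading keywords: [mode] [encap] [tmode]
    while i < n and toks[i] in MODES + ENCAPS + TMODES:
        t = toks[i]
        key = "mode" if t in MODES else "encap" if t in ENCAPS else "tmode"
        rule[key] = t
        i += 1

    # [proto protocol]
    if i < n and toks[i] == "proto":
        rule["proto"] = toks[i + 1]
        i += 2

    # from src [port sport] [(srcnat)]
    if i >= n or toks[i] != "from":
        raise ValueError("expected 'from'")
    rule["src"] = toks[i + 1]
    i += 2
    if i < n and toks[i] == "port":
        rule["sport"] = toks[i + 1]
        i += 2
    if i < n and toks[i].startswith("("):
        rule["srcnat"] = toks[i].strip("()")
        i += 1

    # to dst [port dport]  -- a 'port' here belongs to the destination
    if i >= n or toks[i] != "to":
        raise ValueError("expected 'to'")
    rule["dst"] = toks[i + 1]
    i += 2
    if i < n and toks[i] == "port":
        rule["dport"] = toks[i + 1]
        i += 2

    # Remaining keyword/value pairs: main/quick transforms, ids, psk.
    phase = None
    while i < n:
        t = toks[i]
        if t in ("main", "quick"):
            phase = t
            i += 1
        elif t in ("auth", "enc", "group") and phase is not None:
            rule[phase][t] = toks[i + 1]
            i += 2
        elif t in ("psk", "local", "peer", "srcid", "dstid"):
            rule[t] = toks[i + 1]
            i += 2
        else:
            raise ValueError("unexpected token %r" % t)
    return rule


def flow_summary(rule):
    """Render the parsed flow as 'proto src:sport -> dst:dport'."""
    return "%s %s:%s -> %s:%s" % (
        rule["proto"] or "any", rule["src"], rule["sport"] or "any",
        rule["dst"], rule["dport"] or "any")


if __name__ == "__main__":
    for sample in (SHORT_RULE, UNDEADLY_RULE):
        r = parse_ike_rule(sample)
        print(r["mode"], r["encap"], r["tmode"], flow_summary(r))
```

Running it prints the short rule as `passive esp tunnel any my.ga.te.ip:any -> any:any` and the undeadly rule as `passive esp transport udp 1.2.3.4:any -> any:1701`, which is exactly the reading in the post: the gateway side has no port restriction and only the remote side is pinned to 1701.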