On Fri, Jul 28, 2006 at 02:28:44PM +0200, H?kan Olsson wrote:
> On 28 jul 2006, at 14.09, jeraklo wrote:
> >
> >So, you are saying that pf(4), ipsec(4), ipsecctl(8),
> >and maybe vpn(8) is all I need ? Do I have to make
>
> That's a good start, yes. Plus it should be fairly easy to find
> configuration examples for setups like this.
>
> >some special tweakings on the windows client machines
> >in order to run the VPN, or is ti just a matter of
> >some default configuration ?
>
> There is an IPsec implementation in Windows, but configuring it is
> something else again. It's been a few years since I experimented with
> it last, but it was "no fun" then, at all. If you search for it,
> you'll probably find some references on how to set it up on the net.
> I figure most people using IPSec on Windows end up using some kind of
> IPSec client software...
It's horribly broken. L2TP (layer 2 tunneling protocol) is a mandatory
part of the protocol, and while it does have some uses, none of them are
particularly likely to be of interest (contemplate the idiocity of
IP-over-L2TP-over-IPsec-over-IP, and you'll understand that just because
you can doesn't mean you should).
Joachim
