On Wed, 16 Oct 2019, Stuart Henderson wrote:
I would srongly recommend switching to IKEv2 if you can, it is far
easier to come up with a config that still gives decent crypto with
mixed client platforms. (Internal client on Apple OS and non-ancient
Windows - strongswan on Android/Linux).
I d
>> There are ways to make even Windows clients use actual crypto with IPsec if
>> needed, though last I checked it could not be done from the GUI but required
>> powershell commands. (I don't have a URL handy, sorry, but this information
>> wasn't very hard to find when I needed it.)
>
> Thanks. I
On Mon, 14 Oct 2019, Stefan Sperling wrote:
On Mon, Oct 14, 2019 at 05:55:58PM +1100, Damian McGuckin wrote:
Because I had a working L2TP server setup on $L2TP, I was not going to
go into its pf.conf, ipsec.conf, or anything else. But here is npppd.conf
ike passive esp transport \
I changed /etc/ipsec.conf to have 'ike' reflect the external IP
ike passive esp transport \
proto udp from $L2TPX to any port 1701 \
main auth "hmac-sha1" enc "aes" group modp2048 \
quick auth "hmac-sha1" enc "aes" group modp2048 \
psk "MYSECRET"
and restarted i
On Mon, Oct 14, 2019 at 05:55:58PM +1100, Damian McGuckin wrote:
> Because I had a working L2TP server setup on $L2TP, I was not going to
> go into its pf.conf, ipsec.conf, or anything else. But here is npppd.conf
>
> ike passive esp transport \
> proto udp from egress to any port 1701
5 matches
Mail list logo
