[Swan] multiple users behind single nat
Bob Miller
bob at computerisms.ca
Thu May 29 04:49:10 EEST 2014
Thanks a lot for your response Paul. if you are ever in my neck of
Canada I really need to buy you a lot of beer...
> But didn't work out
> > when they tried it.
>
> Are you saying it worked in the past ?
Negative. Though they are pretty resourceful and have been known to
hook several routers up to a modem to bypass the problem...
> both are correct. The best solution _is_ to migrate to XAUTH/IPsec,
> except that the windows users will need to download a (free) Windows
> client that knows XAUTH, as Microsoft is unwilling to add support for it
> (Windows and blackberry are the last OSes I know if that don't support
> XAUTH).
Okay, once I learned that windows doesnt' support xauth I found an FAQ
where microsoft claims xauth contains unfixable security flaws and has
been rejected for IETF standardization. I can find no supporting
evidence of this on google, is there anything to it?
> There is a nice free client called Shrew Soft VPN for Windows.
>
> > I read the man page for ipsec.conf and the README.XAUTH files, among a
> > bunch of other things from google, but I haven't been able to get it
> > working yet and I am a bit confused about how the roles shift around; it
> > seems xauth fills a lot of the functions I currently use xl2tpd for...
>
> That's right. No more L2TP daemons required. All you need is a
> configuration with libreswan similar to:
Okay, I will check out shrew soft and play around with this a bit.
Thanks again for the feedback...
More information about the Swan
mailing list