D&C GLug - Home Page


[LUG] VPN Problems

 

Hi Guys,

I am having serious problems with my VPN setup at work. Debian Stable
with openswan, has been working fine, does work fine with Debian
unstable/openswan (as a client). Chuck a Windows XP client in the mix
and it will not connect to the server, the IKE handshake fails without
even the ident being confirmed. I have tried reducing the X509 cert size
and watched the handshake with tcpdump to rule out MTU problems. I
thought the problem may be to do with having the server behind a NAT
(Microsoft since SP2 consider this a security risk), tried the registry
tweak for the XP machine, no luck.

Now I have bought a VPN router so my IPSEC server has a public IP
address but this behaves exactly the same as openswan and the client
does not connect. A Vigor ADSL security router, a lovely little box with
loads of good features, highly recommended.

Currently I have resorted to using pptp with 128-bit MPE encryption and
strong usernames and passwords (i.e. totally random and many characters for
both parts).

Anybody seen or heard anything about MS breaking the ipsec standard
recently or is this something else (a second laptop does the same thing
with XP SP2 as well when connecting to openswan however)?

And is this pptp and 128-bit MPE any good? I have seen not so good
reports out on the net but can I rely on it? I know it's not as good as
X509 and ipsec as this has perfect forward security and other stuff.

Ideally I want to get L2TP working over ipsec but this seems totally
broken from the MS end of things either to my new router or a l2tpd on
the Debian box.

Regards

Robin


