Changes

From SME Server
1,036 bytes added ,  01:20, 30 November 2017
no edit summary
Line 5: Line 5:  
==About==
 
==About==
   −
L2TPD/IPSEC is method of connecting to your Koozali SME server. It is a suitable replacement for the existing PPTP VPN system on Koozali SME Server.
+
L2TPD/IPSEC is secure method of connecting to your Koozali SME server. It is a suitable replacement for the existing PPTP VPN system on Koozali SME Server.
    
L2TPD/IPSEC does not need any special software configuration on your clients. It is supported on a very large number of modern mobile phones and laptops. Please note that not every phone or device will support L2TPD/IPSEC out of the box.
 
L2TPD/IPSEC does not need any special software configuration on your clients. It is supported on a very large number of modern mobile phones and laptops. Please note that not every phone or device will support L2TPD/IPSEC out of the box.
 +
 +
The device first calls the server via ipsec and makes and encrypted connection. But it has no networking information. xl2tpd then makes a ppp connection through that encrypted ipsec connection.and get its network information at this point.
    
Once implemented you can disable PPTP, which will be good for you and your users.
 
Once implemented you can disable PPTP, which will be good for you and your users.
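Review bot: two typos in the new paragraph starting "The device first calls the server via ipsec" make it hard to follow: "makes and encrypted connection" should read "makes an encrypted connection", and "connection.and get its network information" should read "connection and gets its network information". The rewritten opening sentence also lost an article and should read "L2TPD/IPSEC is a secure method of connecting". Otherwise the added explanation (IPsec first, then a PPP session over xl2tpd inside the encrypted connection, which is where the client obtains its addressing) is a useful addition and matches the rest of the page.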
Line 13: Line 15:  
===Notes===
 
===Notes===
   −
The contrib basically works but there can be complications when you want to combine it with standard host-host ipsec connections. The issue that 'may' arise is if an IPSEC connection is matched prior to the L2TPD one. I do have them both running on my test box but need more feedback on this.  
+
The contrib basically works but there, can be complications when you want to combine it with standard host-host ipsec connections. The issue that 'may' arise is if an IPSEC connection is matched prior to the L2TPD one. I do have both types running on my test box but need more feedback on this.  
 +
 
 +
This is because pure ipsec usually relies on having connections from specific IP address / and or IDs / Certificates. To accept mobile clients, which could come from pretty well any IP address, we need to tell out L2TPD Ipsec configuration to accept connections from anywhere.
 +
 
 +
The potential issue is if you try a pure Ipsec connection that does not have a correct configuration in the database/configuration, it may try to connect via the L2TPD connection. That will not break anything, but you may experience odd results from the client
   −
You can enable or disable VPN access for users via the Server Manager.
+
Please note that you can enable or disable L2TPD VPN access for users via the Server Manager.  
    
These links discuss the implementation and the creation of this page.
 
These links discuss the implementation and the creation of this page.
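Review bot: the edit introduces a stray comma in "there, can be complications" (the original "there can be complications" was correct), and "tell out L2TPD Ipsec configuration" should be "tell our L2TPD Ipsec configuration". In the last added paragraph, "you may experience odd results from the client" is vague for someone debugging a misrouted host-to-host tunnel; since the paragraph already states the cause (the peer being matched against the L2TPD connection instead of its own), suggest naming that as the symptom to look for and ending the sentence with a full stop.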
Line 98: Line 104:  
{{Note box|Ipsec has access private as default; if you want to connect from wan, you need to change it to public }}
 
{{Note box|Ipsec has access private as default; if you want to connect from wan, you need to change it to public }}
   −
  config setprop ipsec status enabled
+
  config setprop ipsec access public
 +
 
 +
xl2tpd does not have to be set public as the xl2tpd connection is made inside the ipsec tunnel.
    
Now we can enable the required services which will automatically add the correct firewall ports.
 
Now we can enable the required services which will automatically add the correct firewall ports.
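Review bot: the replacement of "config setprop ipsec status enabled" by "config setprop ipsec access public" drops the property that enables the service rather than adding to it. If enabling now happens in the "Now we can enable the required services" step that follows, this is fine; otherwise both properties should be set here, e.g. "config setprop ipsec status enabled access public" (the page already uses this multi-property form for pptpd). The added line saying xl2tpd does not have to be set public is the right caveat, since the L2TP/PPP side is then reachable only through the IPsec tunnel; the note box above could state explicitly that only ipsec, not xl2tpd, is opened to the WAN.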
Line 128: Line 136:     
==Disable PPTP==
 
==Disable PPTP==
Once the implementation is complete and functional, you will not need PPTP enabled. You can go to your server manager and disable it forever and sing a thousand hallelujahs for secure communications ;-)
+
Once the implementation is complete and functional, you will not need PPTP enabled. If your L2TPD setup is working then make sure that this is disabled or you may still leave ordinary pptp connections open.
 +
 
 +
You can go to your server manager and disable it forever and sing a thousand hallelujahs for secure communications ;-)
    
  config setprop pptpd status disabled sessions 0
 
  config setprop pptpd status disabled sessions 0
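Review bot: in the added sentence "make sure that this is disabled", "this" has no clear referent; spell out that PPTP is meant, e.g. "make sure that PPTP is disabled, or ordinary pptp connections may remain open". The sentence also largely repeats the one before it ("you will not need PPTP enabled"), so merging the two would read more cleanly. The command "config setprop pptpd status disabled sessions 0" is unchanged and still matches the prose.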
