You do realize that L2TP is only slapped on top of IPsec because Windows is
brain-dead? And that you can do with just IPsec?
And you do realize that your method of installing *Swan is just as brain-dead
as using L2TP? You make a big mess in the system for no good reason, as
strongSwan is a Debian stable package, and you don't use KLIPS.
Your install script makes even more stupid things, like replacing current
firewall rules with your own without any regard.
The only thing you got right is to use FreeS/WAN descendant, as ipsec-tools is
atrocious.
The reason I chose Libreswan [1] (over Openswan) is that it is more actively developed with recent patches [2]. I have not tried strongSwan as of yet.
Regarding the firewall rules: The VPN scripts are intended to be run on a freshly installed Linux system. By adding those IPTables rules, the OS would be better protected from network attacks. For example, the L2TP port UDP 1701 is closed for traffic other than those via IPsec.
2 comments
[ 0.22 ms ] story [ 18.8 ms ] threadAnd you do realize that your method of installing *Swan is just as brain-dead as using L2TP? You make a big mess in the system for no good reason, as strongSwan is a Debian stable package, and you don't use KLIPS.
Your install script makes even more stupid things, like replacing current firewall rules with your own without any regard.
The only thing you got right is to use FreeS/WAN descendant, as ipsec-tools is atrocious.
The reason I chose Libreswan [1] (over Openswan) is that it is more actively developed with recent patches [2]. I have not tried strongSwan as of yet.
Regarding the firewall rules: The VPN scripts are intended to be run on a freshly installed Linux system. By adding those IPTables rules, the OS would be better protected from network attacks. For example, the L2TP port UDP 1701 is closed for traffic other than those via IPsec.
[1] https://libreswan.org
[2] https://nohats.ca/wordpress/blog/2014/02/16/development-of-l...