[Bug 171347] Review Request: l2tpd - Layer 2 Tunneling Protocol daemon

bugzilla at redhat.com bugzilla at redhat.com
Fri Dec 9 22:25:27 UTC 2005



Summary: Review Request: l2tpd - Layer 2 Tunneling Protocol daemon


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171347





------- Additional Comments From paul at xtdnet.nl  2005-12-09 17:25 EST -------
I've changed chap-secrets.example to chap-secrets.example-l2tp.

I do not know what you mean with "local-address". There are two options that
resemble your word:

listen-addr: the bind address, default to INADDRANY
local-ip: the ip address for the P-t-P link on the l2tp server end
          (needs to be separately configured by admin)

If local-ip is not configured properly, after authentication packets will get
dropped because the l2tpd cannot send/receive them. No risk, it just won't work.

listen-addr could be defined to listen on the example local-ip, but then people
need to configure port forwarding between interfaces. Most will not do this,
even though it is more secure. (It's really tricky, especially with IPsec and
the NETKEY-specific weirdness that comes from it).
It is far easier to just mark ESP and UDP 500/4500 packets and only allow marked
packets to reach port 1701 (l2tp port). This ensures no one but the IPsec
authenticated users can start to try and authenticate with l2tp.

Setting any of these to 127.0.0.1 will confuse users a lot.

New src.rpm and spec file pushed:

ftp://ftp.openswan.org/l2tpd/binaries/fedora/4/SRPMS/l2tpd.spec
ftp://ftp.openswan.org/l2tpd/binaries/fedora/4/SRPMS/l2tpd-0.69.20051030-15.src.rpm

(I am still using high releases because otherwise the rpms in this
correspondence would not be incremental in their release)

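The packet-marking approach described in the comment above, as an added example that is not part of the original message or of the l2tpd package: a shell function that prints the iptables commands so they can be reviewed before being applied. The interface name `eth0`, the mark value `1` and the function name `l2tp_ipsec_rules` are assumptions; it relies, as the comment does, on the mark surviving IPsec decryption.

```shell
#!/bin/sh
# Added example (not from the original message): print iptables commands that
# mark inbound IPsec traffic and let only marked packets reach l2tpd on
# UDP 1701. Interface and mark value are assumed placeholders.

l2tp_ipsec_rules() {
    wan_if="${1:-eth0}"   # external interface (assumption)
    mark="${2:-1}"        # firewall mark value (assumption)

    # Refuse values that could smuggle extra shell syntax into the output,
    # since the printed commands are meant to be piped to a root shell.
    case "$wan_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $wan_if" >&2; return 1 ;;
    esac
    case "$mark" in
        ''|*[!0-9]*) echo "invalid mark: $mark" >&2; return 1 ;;
    esac

    # 1. Mark ESP and IKE/NAT-T (UDP 500/4500) packets as they arrive.
    echo "iptables -t mangle -A PREROUTING -i $wan_if -p esp -j MARK --set-mark $mark"
    for port in 500 4500; do
        echo "iptables -t mangle -A PREROUTING -i $wan_if -p udp --dport $port -j MARK --set-mark $mark"
    done

    # 2. Accept L2TP only when the packet carries the mark, i.e. it came
    #    out of an IPsec tunnel; the ACCEPT rule must precede the DROP.
    echo "iptables -A INPUT -i $wan_if -p udp --dport 1701 -m mark --mark $mark -j ACCEPT"
    echo "iptables -A INPUT -i $wan_if -p udp --dport 1701 -j DROP"
}

# Review the output first, then apply as root:
#   l2tp_ipsec_rules eth0 1 | sh
```

With these rules in place, listen-addr can stay at its default: a cleartext packet sent straight to port 1701 on the external interface carries no mark and is dropped before l2tpd sees it.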