From: John K. H. <jo...@ho...> - 2010-08-10 03:01:05
The iPhone OS has a strange set of VPN features. Using L2TP over IPsec, it only supports main mode with pre-shared keys (no certificates). Since L2TP provides the per-user authentication, we want to use a single pre-shared key for all VPN users, but this is hard to do with ipsec-tools since racoon only supports PSK lookup by address when identity protection is used, and we do not know the address of the client in advance.

The attached patch adds a wildcard match to the psk.txt reading code: specifying an id of * will match any client.

Once this VPN setup is in production (we still need to test various combinations of NAT) I'll make a page with working example configs for winbind, racoon, xl2tpd, etc.

-- John Keith Hohm <jo...@ho...>
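The lookup semantics the post describes, as an added illustration written for this page (it is not the attached patch and not ipsec-tools code): a small Python re-implementation of reading psk.txt and resolving a peer's key, with the "*" wildcard used only when no exact identifier matches. The identifier/key layout and the 0x hex-key convention follow racoon's psk.txt format; the preference for an exact match over the wildcard regardless of file order is an assumption made here, since the patch itself is not shown. The sample psk.txt and peer addresses are constructed for the example. Note the security consequence of the setup: once every client shares one PSK, the IPsec layer no longer tells clients apart, so anyone holding that key can bring up the tunnel and the L2TP user authentication (winbind in the post's case) becomes the only per-user check.

```python
"""Emulate racoon's psk.txt lookup with a '*' wildcard fallback.

Hypothetical re-implementation for illustration; not code from
ipsec-tools or from the patch discussed in the post.
"""
import binascii

# Constructed sample psk.txt. Format: identifier, whitespace, key.
# A key beginning with 0x is hex-encoded; '#' starts a comment.
SAMPLE_PSK_TXT = """\
# identifier     key
192.0.2.10       per-peer-secret
10.0.0.1         0x6162636465
*                shared-iphone-secret
"""


def parse_psk_txt(text):
    """Parse psk.txt text into a list of (identifier, key_bytes) pairs."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"psk.txt line {lineno}: expected 'identifier key'")
        ident, key = parts[0], parts[1].strip()
        if key.startswith("0x"):
            key_bytes = binascii.unhexlify(key[2:])  # hex-encoded key
        else:
            key_bytes = key.encode()                 # literal key
        entries.append((ident, key_bytes))
    return entries


def lookup_psk(entries, peer_id):
    """Return the key for peer_id.

    An exact identifier match wins; the '*' entry is used only when no
    exact match exists (assumed semantics, see lead-in). Returns None if
    neither an exact nor a wildcard entry is present.
    """
    wildcard = None
    for ident, key in entries:
        if ident == peer_id:
            return key
        if ident == "*" and wildcard is None:
            wildcard = key
    return wildcard


if __name__ == "__main__":
    table = parse_psk_txt(SAMPLE_PSK_TXT)
    # A known peer gets its own key; an unknown iPhone behind NAT gets the shared one.
    for peer in ("192.0.2.10", "10.0.0.1", "203.0.113.77"):
        print(peer, lookup_psk(table, peer))
```

With main mode the responder must pick the PSK before the initiator's identity payload is decrypted, which is why racoon keys the lookup on the peer's address; the wildcard entry is what lets an unknown address still resolve to a key.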