Implementing L2TP in an OpenVZ container

Obviously, L2TP is a more reliable and more secure VPN protocol than PPTP. And for people who wish to set up an L2TP VPN for themselves, the choice of virtualisation is usually limited to Xen and KVM, due to OpenVZ's limitations.

As we all know, a standard implementation of L2TP relies on an IPSEC server, which is mostly unsupported by OpenVZ — even on kernel 2.6.32:

[root@test ~]# uname -r
2.6.32-042stab074.10

[root@test ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
...

So I was wondering whether there's an alternative implementation of L2TP inside an OpenVZ container.
For example, use racoon instead of openswan (unlikely to work), or use a security mechanism other than IPSEC?

(Surely we can use OpenVPN with TUN/TAP, but L2TP is much easier to set up on a normal device.)

I know it is virtually impossible, but I still hope someone has an ultimate solution.
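
The failed kernel check in the post can be reproduced without Openswan installed. This is an added example, not part of the original post: it looks for the /proc and /dev entries a container needs for L2TP/IPsec. The function names and the optional ROOT prefix argument are hypothetical, and it assumes the L2TP daemon hands sessions to pppd.

```shell
#!/bin/sh
# Added example: probe a container for what an L2TP/IPsec server needs.
# ROOT is a hypothetical prefix so the probe can run against a test tree;
# leave it empty to inspect the live system.

# A kernel IPsec stack shows up as /proc/net/pfkey (NETKEY) or
# /proc/net/ipsec_eroute (KLIPS). Presence is an indication only.
has_ipsec_stack() {
    [ -e "${1:-}/proc/net/pfkey" ] || [ -e "${1:-}/proc/net/ipsec_eroute" ]
}

# pppd needs /dev/ppp to carry the PPP session that L2TP tunnels.
has_ppp() {
    [ -e "${1:-}/dev/ppp" ]
}

# TUN/TAP has to be enabled for the container by the host.
has_tun() {
    [ -e "${1:-}/dev/net/tun" ]
}

# Prints one verdict:
#   l2tp-ipsec  kernel IPsec and PPP are both visible
#   tun-only    no usable L2TP/IPsec, but a TUN-based VPN such as
#               OpenVPN can still provide an encrypted tunnel
#   none        neither; plain L2TP here would travel unencrypted
vpn_verdict() {
    if has_ipsec_stack "${1:-}" && has_ppp "${1:-}"; then
        echo "l2tp-ipsec"
    elif has_tun "${1:-}"; then
        echo "tun-only"
    else
        echo "none"
    fi
}

vpn_verdict "${1:-}"
```

A device node can exist and still refuse to open if the host has not granted it to the container, so treat a positive verdict as a first check only.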

Comments

  • You can use softether's l2tp/ipsec emulator

  • @johnlth93 said:
    You can use softether's l2tp/ipsec emulator

    Thanks, does softether support radius authorization?

  • Well, looks like the softether solution is too tied up, and I don't think it will run efficiently in a small OpenVZ container.

  • @sundaymouse said:
    Thanks, does softether support radius authorization?

    No radius authorization

    @sundaymouse said:
    Well, looks like the softether solution is too tied up, and I don't think it will run efficiently in a small OpenVZ container.

    It can run fine on a 64 MB container with a few clients

  • Raymii Member

    L2TP works quite fine if you ask your host to enable TUN/TAP support.

  • sundaymouse Member
    edited June 2013

    @Raymii said:
    L2TP works quite fine if you ask your host to enable TUN/TAP support.

    If I let L2TP run standalone, it would become transparent, right?

  • No encryption means clear text transfer.

  • @EarthVPN said:
    No encryption means clear text transfer.

    As that's unacceptable for a VPN, I think there's no way to secure the connection.

  • If you do not trust 128bit PPTP encryption, which has some vulnerabilities, other choices are L2TP with IPSEC, SSTP and OpenVPN. Not every device has built-in support for SSTP and OpenVPN, so you may find a host which supports IPSEC on openvz kernels or upgrade to xen/vmware/kvm to be able to implement L2TP/IPSEC.

  • @EarthVPN said:
    If you do not trust 128bit PPTP encryption, which has some vulnerabilities, other choices are L2TP with IPSEC, SSTP and OpenVPN. Not every device has built-in support for SSTP and OpenVPN, so you may find a host which supports IPSEC on openvz kernels or upgrade to xen/vmware/kvm to be able to implement L2TP/IPSEC.

    Unlike PPTP, L2TP does not come with effective encryption. So without IPSEC, L2TP is almost transparent.

    Yea, everything being talked about in this thread is to cut the cost of Xen VPSes while still effectively providing secured VPN access. Looks like it is impossible.

    Maybe it's better to get a 128MB RAM KVM for a few dollars a month, it should work better.
