IPSec-VPN on Stock Kernel

From NAS-Central Buffalo - The Linkstation Wiki
Revision as of 11:35, 8 September 2010 by Nobody0472 (Talk | contribs)


Attention: Whatever you do, you do it at your own risk.


Prerequisite

You have to have firmware 1.34 already installed and opened for telnet access. If not, you can find a guide here: Open Stock Firmware LS-XHL

This may also work for firmware versions before 1.34, but it is unknown whether the IPSEC-XL2TP packages are included in them.

What's the aim?

The aim is to set up a VPN server that uses L2TP-IPSec as its tunneling technology.


Why this, and not PPTP? The issue with PPTP is that it needs MPPE support within the kernel, which is simply not there.

Therefore we are going to use IPSec & L2TP, which are more secure in most scenarios anyway.

What is needed?

The good news is: everything is already on the box; you don't have to install any external software package at all.

The bad news: the packages are configured for a service called PocketU (only in Japan). As a matter of fact, boxes outside of Japan do not use those things at all.


As a general guideline, an IPSec-L2TP server needs:

IPSec: a package (here OpenSwan with pluto), an IPSec configuration and a tunnel configuration

L2TP: a package (here xl2tp), an xl2tp configuration and ppp.xl2tp options

How does it work

The VPN works as follows:

1) An IPSec tunnel is opened (using a pre-shared key or certificates)

2) Within the tunnel, L2TP is used to authenticate a user and to do IP addressing with PPP

Configuration