http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/ Thu, 27 May 2010 15:53:19 +0000 hourly 1 http://wordpress.org/?v=3.0 http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/comment-page-1/#comment-482 tnk Tue, 23 Mar 2010 14:27:18 +0000 http://www.kuncar.net/blog/?p=77#comment-482 Well this article has been written as a response to the people complaining that they cannot use Huawei routers as an VPN concentrator and that Huawei does not have any VPN client etc. I just used tools native to both Huawei and Windows to prove that such a configuration is possible. I believe that there is much more options of configuring and tweaking up both sides of the VPN. As to your question - I don't fully understand what are you talking about but the thing is that you will create new interface on the host OS so it should be possible to adjust your routing table to allow certain prefixes go through the VPN and certain through the unencrypted connection. But as I am no windows expert (and I have no intentions being one) I cannot tell for sure - it is just common sense that as the host OS decides what will go where so adjusting it should work. Anyway if you want to build an VPN concentrator you should buy a dedicated machine that was build for that purpose (Checkpoint's firewall with it's own client is one example or the Juniper's SSL solution which is great and widely used and there are others like FortiNet or even OpenVPN etc.) Well this article has been written as a response to the people complaining that they cannot use Huawei routers as an VPN concentrator and that Huawei does not have any VPN client etc. I just used tools native to both Huawei and Windows to prove that such a configuration is possible. I believe that there is much more options of configuring and tweaking up both sides of the VPN.
As to your question – I don’t fully understand what are you talking about but the thing is that you will create new interface on the host OS so it should be possible to adjust your routing table to allow certain prefixes go through the VPN and certain through the unencrypted connection.
But as I am no windows expert (and I have no intentions being one) I cannot tell for sure – it is just common sense that as the host OS decides what will go where so adjusting it should work. Anyway if you want to build an VPN concentrator you should buy a dedicated machine that was build for that purpose (Checkpoint’s firewall with it’s own client is one example or the Juniper’s SSL solution which is great and widely used and there are others like FortiNet or even OpenVPN etc.)

]]> http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/comment-page-1/#comment-481 TKL Mon, 22 Mar 2010 00:37:57 +0000 http://www.kuncar.net/blog/?p=77#comment-481 If it is very nice now, what was nice before? It is absurd as it gives no way of connecting clients to real network, so it requires routing which in fact disables usage for access of specific devices on a single subnet but nothing else. In short - useless for anything else but default gateway vpn. Or am I missing anything? If it is very nice now, what was nice before? It is absurd as it gives no way of connecting clients to real network, so it requires routing which in fact disables usage for access of specific devices on a single subnet but nothing else.
In short – useless for anything else but default gateway vpn. Or am I missing anything?

]]> http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/comment-page-1/#comment-469 tnk Fri, 29 Jan 2010 16:24:04 +0000 http://www.kuncar.net/blog/?p=77#comment-469 OK so I checked with <a href="http://support.microsoft.com/kb/240262" rel="nofollow">Microsoft knowledge-base</a> and the thing is like this: "When the ProhibitIpSec registry value is set to 1, your Windows 2000-based computer does not create the automatic filter that uses CA authentication. Instead, it checks for a local or Active Directory IPSec policy." which is actually what we need right ? OK so I checked with Microsoft knowledge-base and the thing is like this:
“When the ProhibitIpSec registry value is set to 1, your Windows 2000-based computer does not create the automatic filter that uses CA authentication. Instead, it checks for a local or Active Directory IPSec policy.”
which is actually what we need right ?

]]> http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/comment-page-1/#comment-468 tnk Fri, 29 Jan 2010 16:18:58 +0000 http://www.kuncar.net/blog/?p=77#comment-468 Well I think you might be right about that value. It seems more logical for it to be set to 0. I dug this from some very old script of mine and probably mixed the desired and default value :) Thanks for pointing that out I'll verify it and update the article. Well I think you might be right about that value. It seems more logical for it to be set to 0. I dug this from some very old script of mine and probably mixed the desired and default value :) Thanks for pointing that out I’ll verify it and update the article.

]]> http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/comment-page-1/#comment-467 mHuba Fri, 29 Jan 2010 16:06:57 +0000 http://www.kuncar.net/blog/?p=77#comment-467 Hi, this configuration dosn't encrypt anything !!! Tunel work without IPSec, You some switchoff this protocol on Windows ;) by set reg Prohibit Ip Sec = 1 !!!! Hi, this configuration dosn’t encrypt anything !!!
Tunel work without IPSec, You some switchoff this protocol on Windows ;) by set reg Prohibit Ip Sec = 1 !!!!

]]>