Implementing L2TP in an OpenVZ container
Obviously, L2TP is a more reliable and more secure VPN protocol than PPTP. And for people who wish to set up an L2TP VPN for themselves, the choice of virtualisation is usually limited to Xen and KVM, due to OpenVZ's limitations.
As we all know, a standard implementation of L2TP relies on an IPSEC server, which is mostly unsupported by OpenVZ — even on kernel 2.6.32:
[root@test ~]# uname -r
2.6.32-042stab074.10
[root@test ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
...
So I was wondering whether there's an alternative implementation of L2TP inside an OpenVZ container?
For example, use racoon instead of openswan (unlikely to work), or use a security mechanism other than IPSEC?
(Surely we can use OpenVPN with TUN/TAP, but L2TP is much easier to set up on a normal device.)
I know it is virtually impossible, but I still hope someone has an ultimate solution.
Comments
You can use SoftEther's L2TP/IPsec emulator.
Thanks, does SoftEther support RADIUS authorization?
Well, looks like the softether solution is too tied up, and I don't think it will run efficiently in a small OpenVZ container.
No RADIUS authorization.
It can run fine on a 64 MB container with a few clients.
L2TP works quite fine if you ask your host to enable TUN/TAP support.
If I let L2TP run standalone, it would become transparent, right?
No encryption means clear text transfer.
As that's unacceptable for a VPN, I think there's no way to secure the connection.
If you do not trust 128-bit PPTP encryption, which has some vulnerabilities, other choices are L2TP with IPSEC, SSTP and OpenVPN. Not every device has built-in support for SSTP and OpenVPN, so you may find a host which supports IPSEC on OpenVZ kernels or upgrade to Xen/VMware/KVM to be able to implement L2TP/IPSEC.
Unlike PPTP, L2TP does not come with effective encryption. So without IPSEC, L2TP is almost transparent.
Yea, everything being talked about in this thread is to cut the cost of Xen VPSes while still effectively providing secured VPN access. Looks like it is impossible.
Maybe it's better to get a 128MB RAM KVM for a few dollars a month, it should work better.