-2

My topologic is :

Host1(MyL2TP Client) <=========> Host2 (L2TP Server, SOCKS5 Proxy Client) <==========>  Host3(SOCKS5 Proxy Server) <======> Internet

Host2 is ubuntu14.04, how to redirect streams from L2TP server to Socks5 proxy? (or Http proxy?)

Update:

Thank you @drookie for your reply. My situation is L2TP protocol is blocked by the Firewall, so I have to get to the Internet via private protocol(between Host2 and Host3), But user does not have a client that support this protocol, So I use L2TP/IPSec

Is this impossible?

Alex Chan
  • 97
  • 4

1 Answers1

1

I highly doubt this is possible. L2tp works over udp/1701, and it's not proxiable. Furthermore, you don't need to proxy it, because pure l2tp is perfectly able to cross NATs.

After all, your request looks like a wrong solution to a common problem. Please describe initial problem, and may be we will be able to provide a solution simple enough.

drookie
  • 8,051
  • 1
  • 17
  • 27
  • Thank you for your reply, I updated the situation I met. Hope for your further reply~ Best regards! – Alex Chan Jan 25 '16 at 15:03
  • It depends on what exactly is blocked: did you try to use pure l2tp ? Here's the article about how to disable ipsec and use pure l2tp in Windows: https://support.microsoft.com/en-us/kb/258261 . Most probably it's ipsec that is blocked. udp/1701 can be blocked too, but pure l2tp is worth a try. – drookie Jan 26 '16 at 05:53
  • I don't want to disable ipsec because it will lower the security level of my system. – Alex Chan Jan 26 '16 at 08:30
  • What makes you think that ? – drookie Jan 26 '16 at 13:22
  • It's complicated. there is firewall called Great Firewall between me and the Internet. this firewall will analysis the data, thus, disable ipsec is dangerouse for me and my users. – Alex Chan Jan 26 '16 at 15:13
  • Well, l2tp, despite the popular urban legend, has an encryption when the underlaying protocol has it. In your case it will be *ppp*, which has *mppe* encryption. You can configure *stateful* 128-bit encryption, and the encryption keys will be renegotiated, depending on the parameters configured. Mppe uses *RC4*, which is strong enough considering key rotation. Not as strong as *AES*, but. considering firewall that your packets have to cross, I'd give it a chance. – drookie Jan 26 '16 at 16:09