Set up Ubuntu L2TP VPN server and authenticate users with certificates

2

I am trying to set up an L2TP server on my Ubuntu VPS and use certificates to authenticate users rather than a password. The reason behind this choice is that I don't want to have plain-text passwords written in the /etc/ppp/chap-secrets file, and having an Active Directory service to keep track of all the users is not an option.

I have currently installed openswan and successfully set up the server to work with the shared secret + the user's password.

The next step is to switch from user passwords to certificates.

How can I do that?

How do I edit the configuration of L2TP and IPSec to allow that and how can I issue certificates to users?

Thank you very much, Nick

Niccolò Zapponi

Posted 2013-06-24T18:21:59.767

Reputation: 21

Did you ever get an answer to this? From this writeup and others I've seen, the most common setup involves 3 (!!!) passwords, one each for IPSec, L2TP, and PPPD. As that link shows, one of the 3 (IPSec) can be replaced with per-user certs, using racoon. Ideally I'd like to get the number of passwords down to zero :-/

– James B – 2014-02-07T11:32:12.420

Hi, not really. I ended up setting up a "machine certificate" which all users share and is used to authenticate the IPsec tunnel. Then I use unix users' passwords to authenticate pppd. – Niccolò Zapponi – 2014-02-08T11:36:31.293

No answers
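Added example (not from the question or the comments): the part of the setup that both the question and James B's comment point at, replacing the IPsec shared secret with X.509 certificates in Openswan, shown as a small openssl CA that issues the server and per-user certificates plus the matching ipsec.conf conn stanza. The CA directory, the names `vpn.example.net`/`alice`, the conn name and the /etc/ipsec.d paths are assumptions; pppd authentication is not covered here.

```shell
#!/bin/sh
# Added example: minimal CA, server cert and per-user cert with openssl, and the
# Openswan conn stanza that swaps the PSK (authby=secret) for certificate
# authentication (authby=rsasig). CA_DIR, host and user names are assumptions.
set -e

CA_DIR="${CA_DIR:-./vpn-ca}"

# Create the CA key and self-signed CA certificate once.
init_ca() {
  mkdir -p "$CA_DIR"
  openssl genrsa -out "$CA_DIR/ca.key" 2048 2>/dev/null
  openssl req -new -x509 -key "$CA_DIR/ca.key" -days 3650 \
    -subj "/CN=VPN CA" -out "$CA_DIR/ca.crt" 2>/dev/null
}

# Issue a certificate signed by the CA; $1 is the CN (server FQDN or user name).
# One certificate per user, so a single user can be revoked without re-keying everyone.
issue_cert() {
  name="$1"
  openssl genrsa -out "$CA_DIR/$name.key" 2048 2>/dev/null
  openssl req -new -key "$CA_DIR/$name.key" -subj "/CN=$name" \
    -out "$CA_DIR/$name.csr" 2>/dev/null
  openssl x509 -req -in "$CA_DIR/$name.csr" -CA "$CA_DIR/ca.crt" \
    -CAkey "$CA_DIR/ca.key" -CAcreateserial -days 365 \
    -out "$CA_DIR/$name.crt" 2>/dev/null
}

# Exit 0 only if the certificate chains to our CA, i.e. what rightca=%same
# makes the server check for every connecting client.
verify_cert() {
  openssl verify -CAfile "$CA_DIR/ca.crt" "$CA_DIR/$1.crt" >/dev/null 2>&1
}

# Print the Openswan conn stanza for certificate auth; $1 is the server cert name.
# Compared with the PSK setup, authby=secret becomes authby=rsasig and the
# shared secret in ipsec.secrets is replaced by the server's RSA key.
print_conn() {
  cat <<EOF
conn L2TP-CERT
    authby=rsasig
    leftcert=/etc/ipsec.d/certs/$1.crt
    leftrsasigkey=%cert
    leftsendcert=always
    rightrsasigkey=%cert
    rightca=%same
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/%any
    auto=add
EOF
}
```

The server's private key is referenced from /etc/ipsec.secrets with a line of the form `: RSA /etc/ipsec.d/private/vpn.example.net.key`, and each user imports their own `.key`/`.crt` pair plus `ca.crt` into their client.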