Mac OS X and other operating systems are using L2TP/IPsec for VPN connections. I'm running StrongSwan as my IPsec stack of choice, so I wanted to setup a VPN between my Debian lenny server and OS X as my roadwarrior. There's a nice howto on nielspeen.com. Everything is fine except for one thing:
Q: I want to set up strongSwan to interoperate with Microsoft Windows using L2TP/IPsec. I'm getting the error message "NAT-Traversal: Transport mode disabled due to security concerns" which results in strongSwan sending an encrypted notification BAD_PROPOSAL_SYNTAX
A: Here is a quote from strongSwan lead developer Andreas Steffen on how to deal with this problem:
NAT-Traversal with IPsec transport mode has some inherent security risks. Since Microsoft doesn't care about this please compile strongSwan with the option
So, there's the inherent security risk, but without --enable-nat-transport L2TP/IPsec doesn't work at all with StrongSwan on Lenny. Is there anything I can do, dear LazyWeb, to be able to use L2TP/IPsec VPN connection with OS X and Linux (StrongSwan) to have a really secure connection? Being able to use Windows as VPN roadwarrior clients is optional, but no requirement.