On Mon, 2012-02-20 at 11:22 +0100, Niccolò Belli wrote:
> On 20/02/2012 00:59, John A. Sullivan III wrote:
> [...]
> > So, in summary, our first choice is packet marking and our second is the
> > policy match. I hope that helps - John
>
> Thanks, I didn't know policy match got merged, I remember there were
> patches floating around some years ago.
>
> Next question: IKEv2. Both Openswan/Strongswan support IKEv2 nowadays,
> so I'd like to avoid L2TP encapsulation. I know Windows 7 does support
> IKEv2, but what about XP? Is there a good client for XP which supports
> IKEv2? What about Mac OS X/iOS? The Android VPN client? And what about
> NetworkManager 0.9?
<snip>

Hi, Niccolo. Unfortunately, I can't speak to it. In almost all our
installations, we use IPSec for net-to-net connections but OpenVPN for
remote access. This obviates the whole L2TP issue and, because OpenVPN
operates in user space rather than hooking the kernel, it is less likely
to interfere with other VPN solutions, e.g., the CEO who looks after
multiple companies. Sorry - John