tech-net archive


Re: racoon, IKEv1 and multiple ipsec clients behind NAT



On October 20, 2022 1:24:36 PM UTC, Gert Doering <gert%greenie.muc.de@localhost> wrote:
>Hi,
>
>On Thu, Oct 20, 2022 at 01:19:39PM +0000, Mathew, Cherry G. wrote:
>> In the end I went with l2tp(4) over OpenVPN over tor.
>
>What exactly are you trying to build here?
>
>As in, is there anything L2TP provides that OpenVPN can not do?
>


One of my goals is to set up a virtual LAN across my devices that are physically located at various locations. OpenVPN doesn't seem to provide this seamlessly, last I checked.

I'd also like to be able to "dial" into this virtual LAN in a "road warrior" setting using standard Android/iPhone VPN clients - at the moment all IPsec/L2TP based.

Additionally, I'd like to use some of the machines in this virtual LAN as hosts for various things to the internet - e.g. email, HTTPS, XMPP, etc.

A tertiary goal I'm experimenting with is to try to see how to avoid physical confiscation of my equipment (some of it is located in jurisdictions where the law and its implementers are the threat) - thus Tor. The exit point to the internet is public, but in a different legal jurisdiction from that of the hosting boxes.

Speed and efficiency are several notches down on my design goals.

>Just trying to understand, this looks more complicated than necessary,
>and complication brings debugging and surprises...
>

So far, testing gives me about 350ms ping time between the remote L2 segments - I haven't been able to test throughput yet.

I'd be interested in recommendations for testing "performance" of virtual LANs.

Many thanks,

cherry



