home

Supported Platforms

Getting startedVyatta NOS OverviewVyatta NOS Architecture OverviewSupported PlatformsRelease Notes
Getting startedVyatta NOS OverviewVyatta NOS Architecture OverviewSupported PlatformsRelease Notes

Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Contents

thumbnailSupported Platforms

Remote Access VPN Overview

RA VPN using L2TP/IPsec with pre-shared key

The following figure shows establishment of an L2TP/IPsec VPN session.

Figure 1. Remote access VPN-L2TP/IPsec with pre-shared key
  1. The remote client first establishes an IPsec tunnel with the VPN server.
  2. The L2TP client and server then establish an L2TP tunnel on top of the IPsec tunnel.
  3. Finally, a PPP session is established on top of the L2TP tunnel, i.e., the PPP packets are encapsulated and sent/received inside the L2TP tunnel.

    With this solution, only user authentication is done at the PPP level (with username/password). Data encryption is provided by the IPsec tunnel. Furthermore, in order to perform encryption, IPsec also requires authentication (studies have shown that IPsec encryption-only mode is not secure) at the host level.

    When pre-shared key is used with L2TP/IPsec, all remote clients must be configured with the same PSK for IPsec authentication. This presents both a security challenge and an operations challenge, since when the key is changed, all remote clients must be re-configured. An alternative is to use L2TP/IPsec with X.509 certificates, as discussed in the next section.

Last updated: December 30, 2021