SnapGear 2.0.1 User Manual


Virtual Private Networking


L2TP server

The L2TP Server runs in a similar way to the PPTP Server. A range of IP addresses is
allocated, and then username and password pairs are created to allow users to log on.

Note

To increase security, L2TP VPN connections from Windows PCs are also run through an
IPSec tunnel. This means an IPSec connection must be configured and enabled on the
CyberGuard SG appliance as well as the L2TP server before Windows clients can
connect.

By default, the IPSec connection is authenticated using X.509/RSA certificates. The
CyberGuard SG appliance therefore needs to have IPSec configured with both a CA and
local certificate before connections can be established. The Windows machine needs to
have a copy of the CA certificate used to sign the CyberGuard SG appliance's local
certificate, and similarly, the CyberGuard SG appliance needs a copy of the CA
certificate used to sign the Windows machine's certificate.
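
A pre-deployment check for the certificate requirement described above, added here as an example and not taken from the manual. It assumes the `openssl` command line on an administrator's workstation and PEM-format files; the names `sg`, `win`, `sg-local` and `win-client` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every CA, key and certificate below is a throwaway made for the demo.

# chains_to CA_PEM CERT_PEM: succeeds only if CERT_PEM validates against CA_PEM.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: self-signed CA written to DIR/NAME-ca.pem and DIR/NAME-ca.key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2 demo CA" \
        -keyout "$1/$2-ca.key" -out "$1/$2-ca.pem" 2>/dev/null
}

# make_cert DIR CA_NAME NAME: certificate DIR/NAME.pem signed by CA_NAME's CA.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2-ca.pem" -CAkey "$1/$2-ca.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# check_trust CA_ON_WINDOWS APPLIANCE_CERT CA_ON_APPLIANCE WINDOWS_CERT
# Returns 0 only when each peer holds the CA that signed the other peer's cert.
check_trust() {
    rc=0
    chains_to "$1" "$2" || { echo "Windows CA copy does not validate appliance cert"; rc=1; }
    chains_to "$3" "$4" || { echo "Appliance CA copy does not validate Windows cert"; rc=1; }
    return "$rc"
}

# demo: prints "<correct-layout status> <swapped-layout status>".
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" sg && make_ca "$d" win &&
        make_cert "$d" sg sg-local && make_cert "$d" win win-client || return 2
    # Correct: Windows has the SG-side CA, the appliance has the Windows-side CA.
    check_trust "$d/sg-ca.pem" "$d/sg-local.pem" \
                "$d/win-ca.pem" "$d/win-client.pem" && good=0 || good=1
    # Mistake: each peer imported only the CA that signed its own certificate.
    check_trust "$d/win-ca.pem" "$d/sg-local.pem" \
                "$d/sg-ca.pem" "$d/win-client.pem" >/dev/null && bad=0 || bad=1
    rm -rf "$d"
    echo "$good $bad"
}
```

To check real files before enabling the tunnel, call `check_trust` with the four PEM files exported from the appliance and the Windows machine; a non-zero status names the side that is missing the right CA.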
