All of this configuration assumes that the VPN box sits in the network segment where all the other workstations reside. It is very important to firewall the VPN box: L2TPD listens on port 1701, and if that port were open to the world, an attacker could easily bypass the IPsec security layer. Only two rules are needed to allow traffic to the VPN box: port 500/UDP for ISAKMP, and the ESP protocol.
Given that the firewall is a stateful Linux firewall, the rules would look like this:
iptables -A FORWARD -d $vpn -p udp --dport 500 -j ACCEPT
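One way to check a loaded ruleset against this policy, as an added example that is not part of the original page: the function below audits `iptables -S FORWARD` output and flags any ACCEPT rule that admits new traffic to the VPN box other than UDP/500 and ESP, which is how an open port 1701 would show up. The address 192.0.2.10, the sample listings and the default DROP policy are assumptions; only rules with no `-d` or an exact host match are examined.

```shell
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output for the VPN box.
# The VPN address and both rule listings are constructed sample data.

# audit_vpn_forward VPN_IP   (rule listing on stdin)
# Prints one line per finding; exit status 0 means only IKE and ESP are admitted.
audit_vpn_forward() {
    awk -v vpn="$1" '
    function opt(name,   i) {            # value following option "name", or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 != "-A" || $2 != "FORWARD" || opt("-j") != "ACCEPT" { next }
    {
        dst = opt("-d"); sub(/\/32$/, "", dst)
        if (dst != "" && dst != vpn) next       # rule targets another host
        st = opt("--state"); if (st == "") st = opt("--ctstate")
        if (st != "" && st !~ /NEW/) next       # stateful rule for reply traffic only
        proto = opt("-p"); port = opt("--dport")
        if (proto == "udp" && port == "500") { ike = 1; next }   # ISAKMP
        if (proto == "esp" || proto == "50") { esp = 1; next }   # ESP
        printf "EXPOSED: %s\n", $0; bad = 1     # e.g. L2TPD on udp/1701
    }
    END {
        # Assumption: everything not explicitly allowed is dropped by policy.
        if (policy != "DROP") { print "WEAK: FORWARD policy is not DROP"; bad = 1 }
        if (!ike) { print "MISSING: udp/500 (ISAKMP) to " vpn; bad = 1 }
        if (!esp) { print "MISSING: ESP to " vpn; bad = 1 }
        exit bad + 0
    }'
}

# Constructed listing: default drop, stateful replies, ISAKMP and ESP only.
GOOD_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p esp -j ACCEPT'

# Constructed listing: same rules plus L2TPD reachable without IPsec.
BAD_RULES="$GOOD_RULES
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 1701 -j ACCEPT"

printf '%s\n' "$GOOD_RULES" | audit_vpn_forward 192.0.2.10 && echo "good ruleset: ok"
printf '%s\n' "$BAD_RULES"  | audit_vpn_forward 192.0.2.10 || echo "bad ruleset: rejected"
```

On a live firewall the listing would come from `iptables -S FORWARD` run as root instead of the sample variables.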