Katalix

Announcing kl2tpd NetworkManager-l2tp integration

We recently posted about go-l2tp, a new Go project providing a library for building L2TP applications on Linux systems.

In this follow-up post we announce a forked version of NetworkManager-l2tp which integrates the kl2tpd tool from go-l2tp.

NetworkManager-l2tp

NetworkManager-l2tp is a plugin for the widely used Linux NetworkManager component which supports L2TP and L2TP/IPsec VPN connections on Linux desktop machines.

The upstream NetworkManager-l2tp uses the xl2tpd daemon to implement the L2TP protocol. We thought it would be an interesting proof of concept to port NetworkManager-l2tp to use kl2tpd from the go-l2tp repository.

Beyond being an interesting experiment, kl2tpd also offers some benefits over xl2tpd:

  • It supports IPsec with kernel-mode L2TP data transport. This is more efficient, and avoids the design compromises needed to handle the data path in userspace.
  • It makes use of ephemeral ports to connect to the VPN gateway, allowing for more flexible network setups.

Forked repository

Our forked NetworkManager-l2tp repository hosts our patches porting NetworkManager-l2tp to use kl2tpd.

In addition to porting NetworkManager-l2tp to use kl2tpd, our fork also updates some of the strongSwan configuration used by the plugin to use up-to-date syntax.