Announcing kl2tpd NetworkManager-l2tp integration
We recently posted about go-l2tp, a new Go project providing a library for building L2TP applications on Linux systems.
In this follow-up post we announce a forked version of NetworkManager-l2tp which integrates the kl2tpd tool from go-l2tp.
NetworkManager-l2tp
NetworkManager-l2tp is a plugin for the widely used Linux NetworkManager component. The plugin supports L2TP and L2TP/IPSec VPN connections on Linux desktop machines.
The upstream NetworkManager-l2tp uses the xl2tpd daemon to implement the L2TP protocol. We thought it would be an interesting proof of concept to port NetworkManager-l2tp to use kl2tpd from the go-l2tp repository.
Beyond being an interesting experiment, kl2tpd also offers some benefits over xl2tpd:
- It supports IPSec with kernel-mode L2TP data transport. This is more efficient, and avoids the design compromises needed to handle the data path in userspace.
- It makes use of ephemeral ports to connect to the VPN gateway, allowing for more flexible network setups.
Forked repository
Our forked NetworkManager-l2tp repository hosts our patches porting NetworkManager-l2tp to use kl2tpd.
In addition to porting NetworkManager-l2tp to use kl2tpd, our fork also updates some of the strongSwan configuration used by the plugin to use up-to-date syntax.