Connect to L2TP VPN without IPSec

[octbit]

So my company runs an L2TP VPN on a Windows server, but they have IPSec disabled. When setting up Windows clients, they have to run a registry hack to disable this functionality on the client. Perhaps this is all a little goofy, but unfortunately it's the way it is.

I'd like to be able to get onto the corporate LAN without using Citrix or Fusion. Is it possible to disable IPSec when using either the Mac VPN client or something from a third party? I've searched around for information on this and have tried hacking up an exported plist for my VPN connection to no avail. The closest thing I've seen on FreeBSD forums requires a kernel flag to be set and compiled in.

Hopefully there's some other work around?

Thanks!

 

[calderone]

Just so you know, I have been looking into this and haven't found anything yet.

 

[octbit]

Just so you know, I have been looking into this and haven't found anything yet.

Thanks, I've continued to research it myself. What I'm finding is that I don't believe Windows is actually disabling IPSec, but rather using AD authentication in place of a shared cert or secret. For every Windows PC our IT department puts on the network, they run the following registry mod:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"ProhibitIpSec"=dword:00000001

I did some research on what this really does, and found this:

When the ProhibitIpSec registry value is set to 1, your Windows 2000-based computer does not create the automatic filter that uses CA authentication. Instead, it checks for a local or Active Directory IPSec policy.

I'm not sure if that can be emulated on a Mac. Perhaps someone out there has a lot of experience with Macs on Active Directory?

Thanks!