L2TP/IPSec OS Design Development (Windows Embedded CE 6.0)
1/6/2010
The Layer Two Tunneling Protocol (L2TP)/IP Security Protocol (IPSec) implementation in Windows Embedded CE enables a more secure virtual private network (VPN) client connection from a Windows Embedded CE-based device to a corporate server. The implementation supports the following:
- Public key certificates
- Preshared keys
- Encryption with data encryption standard (DES) and 3DES
- Internet Key Exchange (IKE) protocol, which supports authentication and key exchange using the Diffie-Helman (DH) algorithm
Portions of IPSec, IKE, and related services for Windows Embedded CE are jointly developed by Microsoft Corporation and Cisco Systems, Inc.
OS Design Information
The following table shows operating system design information for L2TP/IPSec.
| Concept | Description |
|---|---|
Dependencies |
Depends on the ppp, ddsh, cert, crypt32, and tapi modules. |
Hardware considerations |
None |
Modules and Components
The following table shows the components and modules that implement L2TP/IPSec.
| Item | Module | Component |
|---|---|---|
L2TP/IPSec |
l2tp |
None |
Dial-up networking (RAS/PPP) |
ppp |
None |
DSSDH |
dssdh |
None |
Certificates (CryptoAPI 2.0) |
crypt32 |
SYSGEN_CERTS |
L2TP/IPSec Implementation Considerations
The following table shows the Sysgen variables for L2TP/IPSec.
| Sysgen variable | Description |
|---|---|
SYSGEN_L2TP |
When this variable is set, the L2TP/IPSec Catalog item is included in the OS design. |
SYSGEN_PPP |
When this variable is set, the Dial-up Networking (RAS/PPP) Catalog item is included in the OS design. |
SYSGEN_CRYPTO_DSSDH |
When this variable is set, the Diffie-Hellman/DSS Provider Catalog item is included in the OS design. |
SYSGEN_CERTS |
When this variable is set, the Certificates (CryptoAPI 2.0) Catalog item is included in the OS design. |
Application Development Topics
L2TP/IPSec Application Development