[Openswan Users] Can OpenSWAN replace OpenVPN?

Alex Crow acrow at integrafin.co.uk
Fri Jul 20 08:04:46 EDT 2012


Sandra,

I believe that IPSEC is operating in transport mode with L2TP and it's 
L2TP that creates the tunnel to your internal network.

BTW, one thing to watch out for is that /if/ you have two clients with 
the same internal IP behind different NAT devices you'll have to patch 
the kernel with the SAREF patches. Then you can specify overlapip=yes 
and sareftrack=yes in your config. protostack=mast is required for these 
two options to work.

Cheers

Alex

On 20/07/12 12:29, Sandra Schlichting wrote:
> Dear Alex,
>
> I see. So IPSec is just a tunnel. Very interesting =)
>
> Hugs,
> Sandra
>
>
>
> On 19 July 2012 13:17, Alex Crow <acrow at integrafin.co.uk> wrote:
>> Dear Sandra,
>>
>> To provide a private IP to the phones, you will probably need to use
>> IPSEC+L2TP - which most phones will support. I personally use Openswan with
>> xl2tpd.
>>
>> Good starting points here:
>>
>> http://www.jacco2.dds.nl/networking/openswan-l2tp.html
>>
>> Cheers
>>
>> Alex
>>
>>
>> On 19/07/12 11:59, Sandra Schlichting wrote:
>>> Dear readers,
>>>
>>> I have a working OpenVPN setup right now, where users can connect to
>>> the private network at home with their computers.
>>>
>>> However most phones only support IPSec, so I would like to offer the
>>> same service for phones with IPSec as I do for computers with OpenVPN.
>>>
>>> Problem
>>>
>>> I can't find any tutorials that describe how to configure OpenSWAN to
>>> offer a private IP to the client.
>>>
>>> With my OpenVPN, clients have to provide a key and passphrase to get
>>> access. On Android/iPhone I suppose a key is not possible, so it would
>>> be fine with only a passphrase.
>>>
>>> Question
>>>
>>> Can OpenSWAN be configured to give a private IP to the clients,
>>> similar to my OpenVPN setup?
>>>
>>> OpenVPN config
>>>
>>> port 1194
>>> proto udp
>>> dev tun
>>> ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
>>> cert /etc/openvpn/secrets/server.crt
>>> key /etc/openvpn/secrets/server.key
>>> dh /etc/openvpn/secrets/dh1024.pem
>>> server 192.168.240.0 255.255.255.0
>>> ifconfig-pool-persist ipp.txt
>>> push "route 10.10.64.0  255.255.252.0"
>>> push "dhcp-option DNS xxx.xxx.xxx.xxx"
>>> duplicate-cn
>>> keepalive 10 120
>>> comp-lzo
>>> user openvpn
>>> group openvpn
>>> persist-key
>>> persist-tun
>>> status /var/log/openvpn-status.log
>>> log-append  /var/log/openvpn.log
>>> verb 4
>>> mute 20
>>> plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so
>>> "/etc/openvpn/auth/ldap.conf"
>>> script-security 2
>>> auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
>>> learn-address /etc/openvpn/scripts/log_clients_ip.sh
>>>
>>> Hugs,
>>> Sandra
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>
>> --
>> This message is intended only for the addressee and may contain
>> confidential information.  Unless you are that person, you may not
>> disclose its contents or use it in any way and are requested to delete
>> the message along with any attachments and notify us immediately.
>>
>> "Transact" is operated by Integrated Financial Arrangements plc
>> Domain House, 5-7 Singer Street, London  EC2A 4BQ
>> Tel: (020) 7608 4900 Fax: (020) 7608 5300
>> (Registered office: as above; Registered in England and Wales under number:
>> 3727592)
>> Authorised and regulated by the Financial Services Authority (entered on the
>> FSA Register; number: 190856)
>>





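Added example, not part of the original thread and not Openswan project code: a small check for the prerequisite Alex mentions, that overlapip=yes and sareftrack=yes only work with protostack=mast. The connection names and sample configuration are constructed, and the parser is deliberately simplified (one also= per conn, no "conn %default", no include files).

```python
# Added example: check an ipsec.conf for the protostack=mast prerequisite.
# Assumptions: conn names below are hypothetical; parsing is simplified.
SAMPLE_CONF = """\
# constructed sample configuration
config setup
    protostack=netkey

conn l2tp-base
    type=transport

conn l2tp-phones
    also=l2tp-base
    right=%any
    overlapip=yes
    sareftrack=yes
"""

def parse_ipsec_conf(text):
    """Map (kind, name) -> {key: value} for 'config setup' and 'conn X'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def resolve(sections, name, seen=()):
    """Merge a conn with the conn its also= names; the conn's own values win."""
    own = sections.get(("conn", name), {})
    merged = {}
    if "also" in own and own["also"] not in seen:
        merged.update(resolve(sections, own["also"], seen + (name,)))
    merged.update(own)
    return merged

def lint_saref(text):
    """Flag conns using overlapip/sareftrack when protostack is not mast."""
    sections = parse_ipsec_conf(text)
    stack = sections.get(("config", "setup"), {}).get("protostack", "unset")
    return [f"conn {name}: {opt}=yes requires protostack=mast (found {stack})"
            for kind, name in sections if kind == "conn"
            for opt in ("overlapip", "sareftrack")
            if resolve(sections, name).get(opt) == "yes" and stack != "mast"]
```

Calling lint_saref(SAMPLE_CONF) reports both options on l2tp-phones. The check cannot tell whether the kernel carries the SAREF patches; that still has to be verified on the host.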