Thank you for the quick reply, Ihsan :)<br><br>I think it would be better to say what I want to do. <br><br>I have a company network behind a firewall router. We have servers and employees at different physical locations, and sometimes these servers and employees will need to reach the internal company network.
<br><br>I want to establish a host-to-network type VPN connection with x509 certificates so that employees and servers can reach the company resources securely. <br><br>I have a DHCP server and different data and file servers in the company network. I will also have a Linux machine in the network (Suse SLES 9 with SP3 Kernel
2.6.5-7.257.smp - the latest available for Suse SLES 9 - ) that holds Openswan. This Linux machine is also a CA.<br><br>Now, for test purposes, I built a Linux desktop PC with the above-mentioned features and put it in the company LAN. No DHCP server is set up on this test machine. This PC has just one Ethernet NIC card. I intend to use this PC as a VPN server for now.
<br><br>Would it be possible to make a host-to-network connection with this configuration? <br><br>Can anybody give me clear directions for setting up this host-to-network VPN connection with x509 certificates? <br><br>PS: I followed the instructions at
<a href="http://www.natecarlson.com/linux/ipsec-x509.php" target="_blank">Nate Carlson's</a> web page but I couldn't manage to make the connection. :(<br><br>Thank you all
<br><br>Can Akalin<br><br><br><br><div><span class="gmail_quote">On 6/2/06,
<b class="gmail_sendername"><a href="mailto:ihsanturkmen@hedefalliance.com.tr" target="_blank">ihsanturkmen@hedefalliance.com.tr</a></b> &lt;<a href="mailto:ihsanturkmen@hedefalliance.com.tr" target="_blank">ihsanturkmen@hedefalliance.com.tr</a>&gt; wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>
<br><font face="sans-serif" size="2">Hi..</font>
<br><font face="sans-serif" size="2">There are two VPN types. One is transport
mode (host-to-host) and the other is tunnel mode (network-to-network).
If you want to make a network-to-network VPN, you need two network
interfaces on each side, one for the external network and the other
for the internal network. The interfaces do not have to be Ethernet; any other
type of interface is welcome. You don't have to have a public IP address
either. It is not a must.</font>
<br>
<br><font face="sans-serif" size="2">If you need to make a host-to-host VPN,
you don't need two network interfaces.</font>
<br>
<br>
<br><font face="sans-serif" size="2">İhsan Türkmen<br>
Hedef Alliance Holding A.Ş.<br>
Information Systems Directorate<br>
<br>
Namık Kemal Cad. Göztepe Mah.<br>
Karanfil Sok. No: 62<br>
34550 Bağcılar / İstanbul/TR<br>
Tel : +90 (212) 445 50 95<br>
Fax: +90 (212) 445 97 54<br>
</font>
<br>
<br>
<br>
<table width="100%">
<tbody><tr valign="top">
<td width="40%"><font face="sans-serif" size="1"><b>"Can Akalin"
&lt;<a href="mailto:canakalin77@gmail.com" target="_blank">canakalin77@gmail.com</a>&gt;</b> </font>
<br><font face="sans-serif" size="1">Sent by: <a href="mailto:users-bounces@openswan.org" target="_blank">users-bounces@openswan.org</a></font>
<p><font face="sans-serif" size="1">02.06.2006 17:01</font>
</p></td><td width="59%">
<table width="100%">
<tbody><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">To</font></div>
</td><td><font face="sans-serif" size="1"><a href="mailto:users@openswan.org" target="_blank">users@openswan.org</a></font>
</td></tr><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">cc</font></div>
</td><td>
<br></td></tr><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">Subject</font></div>
</td><td><font face="sans-serif" size="1">[Openswan Users] A quick question</font></td></tr></tbody></table>
<br>
<table>
<tbody><tr valign="top">
<td>
<br></td><td><br></td></tr></tbody></table>
<br></td></tr></tbody></table>
<br>
<br>
<br><font size="3"></font></div><div><span><font size="3">Hello everyone,<br>
<br>
I was reading a book called "Network Administrators Survival Guide"
by Cisco Press. There, in the chapter "Linux based VPN",
it says that the Linux machine that holds the Openswan VPN server should
have 2 Ethernet NIC cards: one for a publicly routed IP address and one for
the private network. Is this correct? <br>
<br>
I have a computer in my private network and it has one NIC card. This
machine is a Linux machine, behind a firewall router and has Openswan 2.4.5.
So, can't I use this Linux machine as a VPN Server?<br>
<br>
One other question: when I make a host-to-server connection
remotely, what IP address will the remote host take? Is there supposed to
be a DHCP server in the private network where the Openswan server resides,
or perhaps on the machine that holds the Openswan VPN server? <br>
<br>
Thank you.<br>
<br>
-- <br></font></span></div><font size="3"></font><div>
<font size="3">Can Akalin </font>
</div></blockquote></div><br><br clear="all"><br>-- <br>Can Akalin