<br><font size=2><tt>Dr. Michael Schwartzkopff</tt></font><font size=2 face="sans-serif">
wrote:</font>
<br><font size=2><tt>Hi,<br>
<br>
Perhaps you want to read:<br>
http://www.openswan.org/docs/local/README.XAUTHclient<br>
and<br>
http://www.openswan.org/docs/local/README.XAUTH<br>
<br>
But are you really sure you want this? Perhaps certificates are easier to use?<br>
<br>
Inside OpenSWAN there is NO way to authenticate or authorize clients on
LAN1 if the tunnel is established between GW1 and GW2. How could this be
done? You would have to authenticate users inside the tunnel i.e. by iptables
or better to use a proxy system.<br>
<br>
If you really want to authenticate the use of the tunnel you would have
to establish the tunnels from the clients to GW1.<br>
<br>
Perhaps OpenVPN would fit your needs better?<br>
<br>
Greetings,</tt></font>
<br><font size=2 face="sans-serif">------------------------------------------------------------------------------------------</font>
<br>
<br><font size=2 face="sans-serif">Hi,</font>
<br>
<br><font size=2 face="sans-serif">thank you for your wonderful reply!</font>
<br>
<br><font size=2 face="sans-serif">I think I will realize that with a proxy
system... good idea.</font>
<br><font size=2 face="sans-serif">May it be possible when I install squid
on the GW1 to authenticate clients on LAN1? Or does the proxy server have
to be installed on GW2?</font>
<br><font size=2 face="sans-serif">I want to add some VPN-Gateways soon
and don't want to configure a proxy server on every VPN-Gateway.</font>
<br>
<br><font size=2 face="sans-serif">I want to use a site-to-site VPN with
IPsec, that's why I can't configure road warriors and use OpenVPN.</font>
<br>
<br><font size=2 face="sans-serif">Thank you again </font>