Hi Sandra,<br><br>I think we pretty much have the same rerequirements and reasons to look into ipsec...<br>I also had a openvpn and currently have an ipsec vpn for my phone.<br>What you need is an l2tp tunnel over ipsec.<br>
You first create a secure connection over ipsec, after that you build a tunnel over this secure connection.<br>There are loads of howto's on the net.<br>The l2tp can be configured to advertise ip adresses to clients.<br>
A good website to find information is th following:<br><a href="http://www.jacco2.dds.nl/networking/openswan-l2tp.html">http://www.jacco2.dds.nl/networking/openswan-l2tp.html</a><br><br>Regards,<br>Geert<br><br><br><div class="gmail_quote">
On Thu, Jul 19, 2012 at 12:59 PM, Sandra Schlichting <span dir="ltr"><<a href="mailto:littlesandra88@gmail.com" target="_blank">littlesandra88@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dear readers,<br>
<br>
I have a working OpenVPN setup right now, where users can connect the<br>
the private network at home with their computers.<br>
<br>
However most phones only support IPSec, so I would like to offer the<br>
same service for phones with IPSec as I do for computers with OpenVPN.<br>
<br>
Problem<br>
<br>
I can't find any tutorials that describes how to configure OpenSWAN to<br>
offer a private IP to the client.<br>
<br>
With my OpenVPN, clients have to provide a key and passphrase to get<br>
access. On Android/iPhone I suppose a key is not possible, so it would<br>
be fine with only a passphrase.<br>
<br>
Question<br>
<br>
Can OpenSWAN be configured to give a private IP to the clients,<br>
similar to my OpenVPN setup?<br>
<br>
OpenVPN config<br>
<br>
port 1194<br>
proto udp<br>
dev tun<br>
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt<br>
cert /etc/openvpn/secrets/server.crt<br>
key /etc/openvpn/secrets/server.key<br>
dh /etc/openvpn/secrets/dh1024.pem<br>
server 192.168.240.0 255.255.255.0<br>
ifconfig-pool-persist ipp.txt<br>
push "route 10.10.64.0 255.255.252.0"<br>
push "dhcp-option DNS xxx.xxx.xxx.xxx"<br>
duplicate-cn<br>
keepalive 10 120<br>
comp-lzo<br>
user openvpn<br>
group openvpn<br>
persist-key<br>
persist-tun<br>
status /var/log/openvpn-status.log<br>
log-append /var/log/openvpn.log<br>
verb 4<br>
mute 20<br>
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so<br>
"/etc/openvpn/auth/ldap.conf"<br>
script-security 2<br>
auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env<br>
learn-address /etc/openvpn/scripts/log_clients_ip.sh<br>
<br>
Hugs,<br>
Sandra<br>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div><br>