[Openswan Users] How to setup connection between openswan server and windows clients in same subnet?

Nate Carlson natecars at natecarlson.com
Wed Aug 4 16:58:59 CEST 2004


On Wed, 4 Aug 2004, Victor Soroka wrote:
> My Linux server is the gateway to the Internet and the default route for all
> clients. I want to create a secure IPsec connection from any client to the
> server in the same subnet. In other words, if a client wants to connect to
> another client he connects directly, but if he wants to connect to the server
> or to any Internet IP, the connection becomes encrypted to protect the user's
> traffic from sniffing.
>
> So I want something like (on client side):
> 	if ( destination_IP == 176.17.17.1 ) encrypt_connection();
>
> I don't want to assign 2 different IPs to each of my clients. I want to use
> X.509 certificates to authenticate my clients.
>
> So, my questions:
>
> 1. Can I do this?

Sure.

> 2. Can I do this with Openswan? Where can I read how to set it up for my case?

Sure, it's a fairly easy setup. Basically, you just set up a tunnel to
0.0.0.0/0 on the Windows box via your Openswan gateway. If I recall
correctly, Windows will not encrypt traffic to the local network with that
set up.

> 3. Which client should I install for my Windows clients? Can I do this
> with MSL2TP?

L2TP will require you to assign a secondary IP. You can use iVPN or
ipsec.exe; my directions for ipsec.exe are at:

http://www.natecarlson.com/linux/ipsec-x509.php

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
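
An added example, not part of the original message and not taken from the linked guide: a gateway-side Openswan conn section for the 0.0.0.0/0 tunnel with X.509 authentication described in the reply. The conn name `lan-clients` and the file name `gateway-cert.pem` are placeholders, and 176.17.17.1 is assumed to be the gateway address from the question.

```conf
# Added example: conn section for /etc/ipsec.conf on the Openswan gateway.
# The conn name and certificate file name are placeholders.
conn lan-clients
    # Gateway side; 176.17.17.1 is the server address from the question.
    left=176.17.17.1
    # Tunnel to 0.0.0.0/0, as described in the reply.
    leftsubnet=0.0.0.0/0
    # Gateway certificate, looked up in /etc/ipsec.d/certs/.
    leftcert=gateway-cert.pem
    # Client side: any address, authenticated by its X.509 certificate.
    right=%any
    rightrsasigkey=%cert
    # Require client certificates to chain to the same CA as the gateway's.
    rightca=%same
    authby=rsasig
    pfs=yes
    # Load the connection and wait for clients to initiate.
    auto=add
```

With `right=%any`, certificate validation is what limits who can connect, so the CA that signs client certificates should be dedicated to this purpose.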

