[Openswan Users] Routing Between VPNs
James Crow
james at ultratans.com
Thu Feb 23 11:32:19 CET 2006
On Wednesday 22 February 2006 16:28, Paul Wouters wrote:
> On Wed, 22 Feb 2006, James Crow wrote:
> > I now have a need to connect ~15 remote users who will need to connect
> > to the central LAN (where Openswan sits) and the remote LANs. Because
> > these 15 new users will all be connecting from dynamic IPs I wanted to
> > use something other than IPSec VPNs.
>
> Why do you want something other than IPsec VPNs?
IPsec VPNs with Win2k (and XP) in road warrior can be a little difficult for
the user. If I use PSK then all users must have the same pass phrase. If I
use X.509 then the users must import the keys. Once I have the tunnel it
appears as though I have to contend with L2TP to easily route traffic over
the VPN.

With OpenVPN when the user connects they have a virtual interface with an IP
that I assign from the server. I can also push routes through to the Windows
boxes.

The install for OpenVPN is a single windows installer and then a couple of
config files that must be copied.
>
> > I installed OpenVPN (SSL VPN product) on the Openswan box and can
> > connect to the Openswan box through this VPN.
> >
> > Can I use this setup to route traffic coming in on the OpenVPN to the
> > Openswan box and then out to the remote LANs?
>
> As long as you have ipsec tunnels covering the source-destination
> combinations of IP addresses, it does not matter whether these packets
> come from local machines, or openvpn connected ones. That said, I have
> never combined the two on a single box.
>
> Paul
Here are the changes I made (and it is working):

On the IPsec tunnel I changed the config (leftsubnet in Openswan and the
remote network in SonicWALL) to have the network 10.1.1.0/24. (The Openswan
server has ip 10.1.1.1/25) My OpenVPN server has ip 10.1.1.130/25 and assigns
ips 10.1.1.131 - 10.1.1.254.

When a client connects over OpenVPN they have three routes passed:

192.168.96.0 255.255.224.0
192.168.128.0 255.255.224.0
10.1.1.0 255.255.255.128

All three routes have the gateway as the OpenVPN server.

The SonicWALLs see the IP of OpenVPN clients and route traffic to the
Openswan box which knows how to route the traffic to the OpenVPN client.
The OpenVPN clients have static routes to all the SonicWALL sites that route
through the Openswan box.

Everything is up and working.

Thanks to Paul and the others who replied off list.

Thanks,
James
--
James Crow
IT Manager
ULTRATAN, Inc.
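
The condition quoted in the thread, that IPsec tunnels must cover every source-destination pair, can be checked against the addressing given in this message. The Python sketch below is an added example and not part of the original thread; the per-site remote LANs and the narrower 10.1.1.0/25 selector used for comparison are assumptions, since the message does not state them.

```python
import ipaddress as ip

# Values taken from the message above.
LEFTSUBNET = ip.ip_network("10.1.1.0/24")          # widened IPsec selector
POOL_FIRST = ip.ip_address("10.1.1.131")           # OpenVPN client pool
POOL_LAST = ip.ip_address("10.1.1.254")
PUSHED_ROUTES = [
    ip.ip_network("192.168.96.0/255.255.224.0"),
    ip.ip_network("192.168.128.0/255.255.224.0"),
    ip.ip_network("10.1.1.0/255.255.255.128"),
]

# Assumptions (not in the message): constructed per-site remote LANs, and a
# selector covering only the Openswan LAN half, used as a contrast case.
REMOTE_LANS = [ip.ip_network("192.168.97.0/24"), ip.ip_network("192.168.130.0/24")]
LAN_ONLY = ip.ip_network("10.1.1.0/25")


def tunnels(leftsubnet):
    """One (leftsubnet, rightsubnet) selector pair per remote site."""
    return [(leftsubnet, right) for right in REMOTE_LANS]


def covered(src, dst, sa_list):
    """True if some tunnel's selectors match the flow in either direction."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any((s in l and d in r) or (s in r and d in l) for l, r in sa_list)


def pool_blocks():
    """The OpenVPN address pool expressed as CIDR blocks."""
    return list(ip.summarize_address_range(POOL_FIRST, POOL_LAST))


def uncovered_pool_blocks(leftsubnet):
    """Pool blocks that fall outside the IPsec local selector."""
    return [b for b in pool_blocks() if not b.subnet_of(leftsubnet)]


def unrouted_remote_lans():
    """Remote LANs that no pushed route sends via the OpenVPN server."""
    return [r for r in REMOTE_LANS
            if not any(r.subnet_of(p) for p in PUSHED_ROUTES)]


if __name__ == "__main__":
    print("pool outside /24 selector:", uncovered_pool_blocks(LEFTSUBNET))
    print("pool outside /25 selector:", uncovered_pool_blocks(LAN_ONLY))
    print("remote LANs without a pushed route:", unrouted_remote_lans())
```

Traffic from a pool address that falls outside the tunnel selectors would not match any tunnel, which is why the check is run on the whole pool rather than a single client address.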