[Openswan Users] A quick question

Can Akalin canakalin77 at gmail.com
Fri Jun 2 12:10:37 CEST 2006


Thank you for the quick reply Ihsan, :)

I think it would be better to tell what I want to do.

I have a company network behind a firewall router. We have servers and
employees at different physical locations and sometimes these servers and
employees will need to reach the internal company network.

I want to establish a host-to-network type VPN connection with x509
certificates so that employees and servers can reach the company resources
securely.

I have a DHCP Server and different data and file servers in the company
network. I will also have a Linux machine in the network (SUSE SLES 9 with
SP3, kernel 2.6.5-7.257.smp, the latest available for SUSE SLES 9)
that holds the Openswan. This Linux machine is also a CA.

Now, for test purposes, I built a Linux desktop PC with the above
mentioned features and put it in the company LAN. No DHCP server is set on
this test machine. This PC has just one Ethernet NIC card. I intend to use
this PC as a VPN server for now.

Would it be possible to make a host-to-network connection with this
configuration?

Can anybody give me a clear direction to do this host-to-network VPN
connection with x509 certificates?

PS: I followed the instructions at Nate Carlson's web page
<http://www.natecarlson.com/linux/ipsec-x509.php> but
I couldn't manage to make the connection. :(

Thank you all

Can Akalin



On 6/2/06, ihsanturkmen at hedefalliance.com.tr <
ihsanturkmen at hedefalliance.com.tr> wrote:
>
>
> Hi..
> There are two VPN types. One is transport mode (host-to-host) and the
> other is tunnel mode (network-to-network). If you want to make a
> network-to-network VPN, you need two network interfaces on each side,
> one for the external network and the other for the internal network.
> Interfaces do not have to be Ethernet; any other type of interface is
> welcome. You don't have to have a public IP address either. It is not a must.
>
> If you need to make a host-to-host VPN, you don't need two network
> interfaces.
>
>
> İhsan Türkmen
> Hedef Alliance Holding A.Ş.
> Information Systems Directorate
>
> Namık Kemal Cad. Göztepe Mah.
> Karanfil Sok. No: 62
> 34550 Bağcılar / İstanbul/TR
> Tel : +90 (212) 445 50 95
> Fax: +90 (212) 445 97 54
>
>
>
> "Can Akalin" <canakalin77 at gmail.com>
> Sent by: users-bounces at openswan.org
> 02.06.2006 17:01
> To: users at openswan.org
> Subject: [Openswan Users] A quick question
>
> Hello everyone,
>
> I was reading a book called "Network Administrators Survival Guide" by
> Cisco Press. Over there, in the chapter "Linux based VPN", it says that the
> Linux machine that holds the Openswan VPN Server should have 2 Ethernet
> NIC cards: one for the publicly routed IP address and one for the private
> network. Is this correct?
>
> I have a computer in my private network and it has one NIC card. This
> machine is a Linux machine, behind a firewall router and has Openswan
> 2.4.5. So, can't I use this Linux machine as a VPN Server?
>
> One other question is: when I make a host-to-server connection from
> remote, what IP address will the remote host take? Is there supposed to be a
> DHCP server in the private network where the Openswan Server resides, or
> perhaps on the machine that holds the Openswan VPN server?
>
> Thank you.
>
> --
> Can Akalin


-- 
Can Akalin