[Openswan Users] Basic Openswan question

Peter McGill petermcgill at goco.net
Wed Nov 29 09:14:00 EST 2006


> Date: Tue, 28 Nov 2006 17:44:14 -0800 (PST)
> From: Ladi <mafja at yahoo.com>
> 
> I'm new to IPSec and it's true, I'm a bit confused. I know 
> that IPSec operates in two modes, tunnel and transport mode. 
> 
> I managed to secure the connection to the terminal server in 
> WinXP -> Win 2k3 server and I didn't have to specify a VPN. 
> In the Win2k3 server machine I configured the IPSec policy to 
> receive only IPSec traffic (using certificates) on the TCP 
> port 3389 (for terminal server) for all the connections. And 
> from the client side (Win XP) I specified to use IPSec with 
> certificate for all the traffic going out to TCP 3389. In 
> this way someone can connect to the terminal server from any 
> place and still can connect as long as (s)he has the right 
> certificates. To be honest with you I don't know which mode 
> this is (sorry for my ignorance).
> 
> The problem is that this I have to do from Linux thin clients 
> as well, and that's why I wanted to use Openswan. But from 
> whatever I read, there should be two gateways (A and B) 
> connected with the VPN... 

You're probably using transport mode; in the same way we would
set up L2TP/IPSec, you've probably set up Terminal Server/IPSec.
In which case you really are using a VPN, depending on the
definition you use, which by its broadest definition is just
encrypted private traffic over a public network (the internet).
This is what you want: you want to protect your communications,
which is why you're using IPSec (whether or not Windows told
you it is a VPN). You're just not transmitting traffic for entire
networks but only from one computer to another, which is what transport
mode is for. Look at the L2TP/IPSec examples and change to
rightprotoport=tcp/3389 and leftprotoport=tcp/%any

http://www.jacco2.dds.nl/networking/linux-l2tp.html

Ignore the parts about L2TP and substitute with your Terminal Server.

Peter
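The conn Peter describes, written out as an added example (it is not from the original post, nor from the Jacco page linked above): a client-side Openswan ipsec.conf entry for the Linux thin client, transport mode, certificate authentication, covering only TCP traffic to port 3389 on the terminal server. The server address 192.0.2.10, the certificate file names and the server's certificate DN are placeholders for illustration; substitute your own.

```ini
# /etc/ipsec.conf on the Linux thin client (added example, not from the post)
# Transport mode between this host and the Windows 2003 terminal server,
# protecting only RDP (TCP 3389), as the Windows XP client's IPsec policy does.
conn rdp-ts
    type=transport
    authby=rsasig
    # this host (left): any local source port towards the server
    left=%defaultroute
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/thinclient.pem      # placeholder file name
    leftprotoport=tcp/%any
    # the terminal server (right): only TCP 3389
    right=192.0.2.10                                # placeholder address
    rightrsasigkey=%cert
    rightid="C=NL, O=Example, CN=ts.example.com"    # placeholder: DN of the server's machine certificate
    rightca=%same                                   # server cert must come from the same CA as ours
    rightprotoport=tcp/3389
    # Windows IPsec policies have PFS disabled by default; enabling it here
    # makes the quick-mode (phase 2) proposal fail to match
    pfs=no
    auto=add
```

The CA certificate that issued the Windows machine certificates goes in /etc/ipsec.d/cacerts/, the client's own certificate in /etc/ipsec.d/certs/ and its private key in /etc/ipsec.d/private/, referenced from /etc/ipsec.secrets with a line of the form `: RSA thinclient.key "passphrase"` (again placeholder names). With auto=add the conn is loaded but not negotiated; bring it up with `ipsec auto --up rdp-ts` before starting rdesktop, or use auto=start so it is negotiated when the IPsec service starts. Because leftprotoport is restricted to tcp/%any and rightprotoport to tcp/3389, everything else between the two hosts (for example ICMP or DNS) is sent in the clear, which matches the Windows policy described in the original question: the only thing that is protected is the RDP session itself.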


