[Openswan Users] Basic Openswan question

Ladi mafja at yahoo.com
Wed Nov 29 20:01:15 EST 2006

Thanks Peter,

What you said makes sense. I'll go through the examples you provided (the link) and see what happens.

Once more thanks, I really appreciate all the help I get here.


If you can't be a highway, be a trail. If you can't be the sun, be a star. It is not by size, that you win or fail. Be the best of what you are!

----- Original Message ----
From: Peter McGill <petermcgill at goco.net>
To: users at openswan.org; mafja at yahoo.com
Sent: Wednesday, November 29, 2006 10:14:00 PM
Subject: RE: [Openswan Users] Basic Openswan question

> Date: Tue, 28 Nov 2006 17:44:14 -0800 (PST)
> From: Ladi <mafja at yahoo.com>
> I'm new to IPSec and it's true, I'm a bit confused. I know 
> that IPSec operates in two modes, tunnel and transport mode. 
> I managed to secure the connection to the terminal server in 
> WinXP -> Win 2k3 server and I didn't have to specify a VPN. 
> In the win2k3 server machine I configure the IPSec policy to 
> receive only IPSec traffic (using certificates) on the TCP 
> port 3389 (for terminal server) for all the connections. And 
> from the client side (Win XP) I specify to use IPSec with 
> certificate for all the traffic going out to TCP 3389. In 
> this way someone can connect to the terminal server from any 
> place and still can connect as far as (s)he has the right 
> certificates. To be honest with you I don't know which mode 
> this is (sorry for my ignorance).
> The problem is that this I have to do from Linux thin clients 
> as well, and that's why I wanted to use Openswan. But from 
> whatever I read is that there should be two gateways (A and B) 
> connected with the VPN... 

You're probably using transport mode; in the same way we would
set up L2TP/IPSec, you've probably set up Terminal Server/IPSec.
In which case you really are using a VPN, depending on the
definition you use, which is just encrypted private traffic
over a public network (the internet), by its broadest definition.
This is what you want, you want to protect your communications,
which is why you're using IPSec (whether or not Windows told
you it is a VPN). You're just not transmitting traffic for entire
networks but only one computer to another, which is what transport
mode is for. Look at the L2TP/IPSec examples and change the
rightprotoport=tcp/3389 and leftprotoport=tcp/%any


Ignore the parts about L2TP and substitute with your Terminal Server.
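
The connection Peter describes, sketched as an ipsec.conf section for the Linux thin client. This is an added example, not part of the original messages or of the Openswan examples Peter links to. The connection name, server address, certificate file name and server DN are placeholders, and the certificate settings are assumed from Ladi's description of the Windows policy.

```conf
# /etc/ipsec.conf fragment for the Linux thin client (constructed example)
conn terminal-server
    # Transport mode: host-to-host protection, no gateway pair needed
    type=transport
    # Certificate (RSA signature) authentication, as in the Windows policy
    authby=rsasig
    # left = this thin client
    left=%defaultroute
    # Placeholder certificate file name
    leftcert=thin-client-cert.pem
    leftrsasigkey=%cert
    # Any TCP source port on the client side
    leftprotoport=tcp/%any
    # right = the Win 2k3 terminal server (placeholder address)
    right=192.0.2.10
    # Placeholder DN; it has to match the subject of the server certificate
    rightid="CN=terminal-server.example.test"
    rightrsasigkey=%cert
    # Only traffic to the Terminal Server port is covered by this policy
    rightprotoport=tcp/3389
    auto=start
```

With the protoport selectors set this way, only TCP traffic to port 3389 on the server is matched by the policy; other traffic between the two hosts is not protected by this connection.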

