[Openswan Users] (no subject)
Michael Schwartzkopff
misch at multinet.de
Tue Apr 15 03:55:48 EDT 2008
On Tuesday, 15 April 2008 08:59, volkan.goeksel at hsvv.hessen.de wrote:
> Dear Openswan User,
>
> my network structure looks like this:
>
> LAN1 <-> VPN-Gateway <-> VPN-Gateway1 <-> LAN2
>
> this is a site-to-site vpn with an ipsec tunnel (between gateway1 and 2).
>
> vpn works. but i want to install a radius server on the vpn-gateway1,
> because i want that the client on lan2 have to type username and password
> to reach lan1.
> if the password is incorrect, he can't connect with lan1.
> clients = windows xp
> gateways = linux 2.6 with openswan
> i already installed freeradius on the gateway1, but i don't know how to
> begin.
> the supporter of the freeradius mailinglist said that i should ask that
> question here.
> can anyone help me?
Hi,
Perhaps you want to read:
http://www.openswan.org/docs/local/README.XAUTHclient
and
http://www.openswan.org/docs/local/README.XAUTH
But are you really sure you want this? Perhaps certificates are easier to
use?
Inside OpenSWAN there is NO way to authenticate or authorize clients on LAN1
if the tunnel is established between GW1 and GW2. How could this be done?
You would have to authenticate users inside the tunnel i.e. by iptables or
better to use a proxy system.
If you really want to authenticate the use of the tunnel you would have to
establish the tunnels from the clients to GW1.
Perhaps OpenVPN would fit your needs better?
Greetings,
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: misch at multinet.de
web: www.multinet.de
Registered office: 85630 Grasbrunn
Commercial register: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42