[Openswan Users] (no subject)

Michael Schwartzkopff misch at multinet.de
Tue Apr 15 03:55:48 EDT 2008

Am Dienstag, 15. April 2008 08:59 schrieb volkan.goeksel at hsvv.hessen.de:
> Dear Openswan User,
> my networkstructure looks like this:
> LAN1 <-> VPN-Gateway <-> VPN-Gateway1 <-> LAN2
> this is a site-to-site vpn with a ipsec tunnel (between gateway1 and 2).
> vpn works. but i want to install a radius server on the vpn-gateway1,
> because i want that the client on lan2 have to type username and password
> to reach lan1.
> if the passwort is incorrect, he cant connect with lan1.
> clients = windows xp
> gateways = linux 2.6 with openswan
> i already installed freeradius on the gateway1, but i dont know how to
> begin.
> the supporter of the freeradius mailinglist said that i should ask that
> question here.
> can anyone help me?


Perhaps you want to read:

But are you really sure you want this? Perhaps certificates are more easy to 

Inside OpenSWAN there is NO way to authenticate or authorize clients on LAN1 
if the the tunnel is established between GW1 and GW2. How could this be done? 
You would have to authenticate users inside the tunnel i.e. by iptables or 
better to use a proxy system.

If you really waht to authenticate the use of the tunnel you would have to 
establish the tunnels from the clients to GW1.

Perphaps OpenVPN would fit your needs better?


Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: misch at multinet.de
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens


PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

More information about the Users mailing list