[Openswan Users] (no subject)

volkan.goeksel at hsvv.hessen.de volkan.goeksel at hsvv.hessen.de
Tue Apr 15 08:55:41 EDT 2008


Dr. Michael Schwartzkopff wrote:
Hi,

Perhaps you want to read:
http://www.openswan.org/docs/local/README.XAUTHclient
and
http://www.openswan.org/docs/local/README.XAUTH

But are you really sure you want this? Perhaps certificates are easier to use?

Inside OpenSWAN there is NO way to authenticate or authorize clients on LAN1 if the tunnel is established between GW1 and GW2. How could this be done? You would have to authenticate users inside the tunnel, i.e. by iptables or, better, use a proxy system.

If you really want to authenticate the use of the tunnel you would have to establish the tunnels from the clients to GW1.

Perhaps OpenVPN would fit your needs better?

Greetings,
------------------------------------------------------------------------------------------

Hi,

thank you for your wonderful reply!

I think I will realize that with a proxy system... good idea.
May it be possible when I install squid on the GW1 to authenticate clients on LAN1? Or does the proxy server have to be installed on GW2?
I want to add some VPN-Gateways soon and don't want to configure a proxy server on every VPN-Gateway.

I want to use a site-to-site VPN with IPsec, that's why I can't configure road warriors and use OpenVPN.

Thank you again 