[Openswan Users] Is this possible?

Peter McGill petermcgill at goco.net
Mon Mar 10 14:41:55 EDT 2008

As long as your central site has a static IP this is possible.
Note however, that there are two things having a dynamic ip at the remote site affects.
1) The dynamic sites cannot tunnel to each other directly, but must communicate through
the central site, because they will not know the ip's of the other sites.
(Note: Since your using Linksys which probably only allows 1 or 2 tunnels, you'd probably
need to do this anyway regardless of static or dynamic ip's at the remote sites.)
2) The central site cannot initiate or reconnect to remote sites, the remote sites must handle
the connection initiations and reconnections because the central site won't know which ip's
to connect to.
If your looking for a cheap way to connect your sites, this is probably a good solution.
Just be aware of the above limitations, and get a good/unlimited internet account at the
central site, especially if you want the remote sites to talk to each other (through the
central site) as this will increase the load at the central site. If possible avoid using,
nat-traversal and connect the routers and Linux server directly to the internet connection.
This will also save you some headaches getting things all working.
Use roadwarrior configuration samples for your remote sites. Roadwarrior relating to
changing ip, rather than actual equipment movement, which may or may not happen.
Peter McGill


From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Chris Thomas
Sent: March 10, 2008 11:50 AM
To: users at openswan.org
Subject: [Openswan Users] Is this possible?

I would like to put a Linksys WRVS4400N at each of my remote sites (I have about 10 or 20) and configure a Linux server running
OpenSwan at my Headquarters location to receive the VPN connections/tunnels from each remote site.  Each site has a dynamic IP
address.  Is it possible to make this happen or do all remote sites need to have static IP's?


Thanks in advance for the insight.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080310/1c9ca126/attachment-0001.html 

More information about the Users mailing list