[Openswan Users] Is this possible?

Chris Thomas cthomas at harkinsbuilders.com
Mon Mar 10 15:01:12 EDT 2008

OK, great to hear that it's do-able then. 


My central site has a static IP.  We're actually running dual bonded
T-1's for internet.  


The remote sites will not need to connect to each other.  Connecting
only to HQ is perfectly fine.  


Is there anything special I need to configure on the remote sites to
have them initiate the connection or does this just "happen"?


My company is running a Check Point firewall, but the OpenSwan Linux box
will be connected outside of it (one interface will be plugged into
"raw" internet and the other will be plugged in to my LAN) so I will not
need to perform any sort of NAT.  


I am unfamiliar with roadwarrior.  I will have to do some looking around
on that one.  


Is there a place anyone recommends for some "how-tos" to assist me with
all this stuff?  


Thanks very much for your assistance.




From: Peter McGill [mailto:petermcgill at goco.net] 
Sent: Monday, March 10, 2008 2:42 PM
To: Chris Thomas; users at openswan.org
Subject: RE: [Openswan Users] Is this possible?


As long as your central site has a static IP this is possible.

Note however, that there are two things having a dynamic IP at the
remote site affects.

1) The dynamic sites cannot tunnel to each other directly, but must
communicate through the central site, because they will not know the
IPs of the other.
(Note: Since you're using Linksys which probably only allows 1 or 2
tunnels, you'd probably need to do this anyway regardless of static or
dynamic IPs at the remote sites.)

2) The central site cannot initiate or reconnect to remote sites; the
remote sites must handle the connection initiations and reconnections
because the central site won't know which IPs to connect to.

If you're looking for a cheap way to connect your sites, this is probably
a good solution. Just be aware of the above limitations, and get a
good/unlimited internet account at the central site, especially if you
want the remote sites to talk to each other (through the central site)
as this will increase the load at the central site. If possible avoid
using nat-traversal and connect the routers and Linux server directly to
the internet connection. This will also save you some headaches getting
things all working.

Use roadwarrior configuration samples for your remote sites. Roadwarrior
relating to changing IP, rather than actual equipment movement, which
may or may not


Peter McGill




	From: users-bounces at openswan.org
[mailto:users-bounces at openswan.org] On Behalf Of Chris Thomas
	Sent: March 10, 2008 11:50 AM
	To: users at openswan.org
	Subject: [Openswan Users] Is this possible?

	I would like to put a Linksys WRVS4400N at each of my remote
sites (I have about 10 or 20) and configure a Linux server running
OpenSwan at my Headquarters location to receive the VPN
connections/tunnels from each remote site.  Each site has a dynamic IP
address.  Is it possible to make this happen or do all remote sites need
to have static IP's?


	Thanks in advance for the insight.



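The configuration the thread is describing, written out as an added
example (this is not configuration posted by either participant or
shipped with Openswan): the HQ box accepts from any address and never
initiates, each remote site is matched by the identity it presents, and
the remote side does all initiating and reconnecting. Every IP address,
hostname, ID and subnet below is a hypothetical placeholder, PSK
authentication is assumed because the remote ends are consumer routers,
and the Linksys side is shown as the equivalent Openswan conn rather
than the router's own GUI fields.

```ini
# ---- /etc/ipsec.conf on the HQ Openswan box ----
# Added example; all addresses, IDs and subnets are hypothetical.
config setup
    interfaces=%defaultroute
    nat_traversal=no           # Linux box sits directly on the internet, as advised

conn %default
    keyexchange=ike
    authby=secret              # PSK (assumed: remote routers are consumer units)
    ike=aes128-sha1;modp1024
    esp=aes128-sha1
    pfs=yes
    left=203.0.113.10          # HQ static public IP (TEST-NET-3 placeholder)
    leftsubnet=10.0.0.0/24     # HQ LAN behind the inside interface
    leftid=@hq.example.com
    right=%any                 # remote address unknown in advance: accept from anywhere
    auto=add                   # HQ only listens; it cannot initiate (point 2 above)
    dpddelay=30                # dead peer detection, so a remote whose IP changes
    dpdtimeout=120             # is torn down and can re-establish cleanly
    dpdaction=clear

# One conn per remote site, selected by the ID the remote presents.
conn site01
    rightid=@site01.example.com
    rightsubnet=192.168.1.0/24

conn site02
    rightid=@site02.example.com
    rightsubnet=192.168.2.0/24

# ---- /etc/ipsec.secrets on the HQ box (mode 0600, owned by root) ----
# In IKE main mode with PSK the responder must pick the key before it
# learns the peer's identity, so every %any peer shares this one secret:
#   203.0.113.10 %any : PSK "replace-with-a-long-random-secret"

# ---- Equivalent conn at a remote site, if it ran Openswan ----
conn hq
    keyexchange=ike
    authby=secret
    ike=aes128-sha1;modp1024
    esp=aes128-sha1
    pfs=yes
    left=%defaultroute         # whatever dynamic address the WAN holds right now
    leftsubnet=192.168.1.0/24
    leftid=@site01.example.com
    right=203.0.113.10         # HQ static IP: the only side that can be named
    rightsubnet=10.0.0.0/24
    rightid=@hq.example.com
    auto=start                 # the remote must initiate (point 2 above)
    keyingtries=%forever       # keep retrying after a reboot or an IP change
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart          # re-initiate on peer loss instead of just clearing
```

Two practical checks on this layout. First, because all 10 to 20 sites
share the single `%any` PSK, a compromised router at any one site exposes
the secret used by every site; per-site secrets require `authby=rsasig`
with a distinct `rightrsasigkey=` in each site's conn, which is only an
option if the remote routers support RSA authentication. Second, after
loading the configuration, `ipsec verify` reports whether IP forwarding
and the IPsec stack are set up on the two-interface HQ box, and
`ipsec auto --status` shows which site conns are loaded and which have
an established tunnel.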