[Openswan Users] DHCP/Any Traffic over an established VPN tunnel

Carlos Lopez the_spide21 at yahoo.com
Thu Oct 8 13:46:20 EDT 2009


Hi all,

I am new to VPN and I got the task to create a solution at
the company I work with, but it must be based on open source.
I did some googling and I found Openswan, which looks
interesting, and the VPN server can be accessed from any
device (e.g., Linksys or D-Link with VPN support).

I've been reading and googling but I did not find any
answer on how to configure remote clients with an already
established VPN tunnel and pass their traffic over the VPN
and also pass through DHCP requests. My setup would be like
this:

1- Create a Linux Gateway/Router:

ISP Ip = 1.2.3.4
LAN IP = 172.16.0.1

2- Create a Linux DNS/DHCP server:

Server IP= 172.16.0.2
LAN DHCP lease = 172.16.0.10 - 172.16.0.254
LAN DHCP VPN lease = 172.17.0.10 - 172.17.0.254

3- Create an email server with qmail:

Server IP= 172.16.0.3

4- Create an apache web server:

Server IP= 172.16.0.4

3- create a VPN server

eth0 = 172.16.0.5 (Part of Corporate LAN segment)
vpnIface= 172.17.0.0/24 (External branch ip segment)


3- Linksys and/or Dlink VPN device --> connect to ISP
ip=1.2.3.4:VPNPORT

ISP IP = 1.2.3.5 (User/Branch ISP assigned IP)
vpnIP= 172.17.0.3 (This is the IP gotten from the VPN
server after authentication)

4- Now connect a 24 ports switch to Linksys and/or Dlink
VPN device and from the switch connect some users:

USER1 = 172.17.0.10  (IP gotten from DHCP server on
corporate LAN)
USER2 = 172.17.0.11  (IP gotten from DHCP server on
corporate LAN)
USERn = 172.17.0.254 (IP gotten from DHCP server on
corporate LAN)

All USER's traffic (TCP/UDP) will go through the Linksys
and/or Dlink VPN device and will tunnel the traffic to the
corporate LAN.

Is this kind of deployment possible with
Openswan?

I'd like you to help me out with this, since I am facing a
challenge: another co-worker is proposing an expensive
solution, and I told my boss that with GNU/Linux we can go
further, deployment isn't that expensive and we can get
support from forums and also from the creator at a lower
charge than Cisco or any other company. That's why I need your
help.

Thanks in advance for your great help.

Carlos.


