[Openswan Users] DHCP/Any Traffic over an established VPN tunnel

Paul Wouters paul at xelerance.com
Thu Oct 8 15:16:59 EDT 2009


On Thu, 8 Oct 2009, Carlos Lopez wrote:

> I've been reading and googling but I did not find any
> answer on how to configure remote clients with an already
> established VPN tunnel and pass their traffic over the VPN
> and also pass through DHCP requests. My setup would be like
> this:

I'm not sure what you're trying to do. Perhaps you mean L2TP,
which will give your laptop an IP address from a pool on the
server side? Using Openswan and Xl2tpd you can do that. I am
not sure about your talk of a "tunnel in a tunnel", but in
principle you should be able to make as many "babushkas" as
you want.

Paul

> 1- Create a Linux Gateway/Router:
>
> ISP Ip = 1.2.3.4
> LAN IP = 172.16.0.1
>
> 2- Create a Linux DNS/DHCP server:
>
> Server IP= 172.16.0.2
> LAN DHCP lease = 172.16.0.10 - 172.16.0.254
> LAN DHCP VPN lease = 172.17.0.10 - 172.17.0.254
>
> 3- Create an email server with qmail:
>
> Server IP= 172.16.0.3
>
> 4- Create an apache web server:
>
> Server IP= 172.16.0.4
>
> 3- create a VPN server
>
> eth0 = 172.16.0.5 (Part of Corporate LAN segment)
> vpnIface= 172.17.0.0/24 (External branch ip segment)
>
>
> 3- Linksys and/or Dlink VPN device --> connect to ISP
> ip=1.2.3.4:VPNPORT
>
> ISP IP = 1.2.3.5 (User/Branch ISP assigned IP)
> vpnIP= 172.17.0.3 (This is the IP gotten from the VPN
> server after authentication)
>
> 4- Now connect a 24 ports switch to Linksys and/or Dlink
> VPN device and from the switch connect some users:
>
> USER1 = 172.17.0.10  (IP gotten from DHCP server on
> corporate LAN)
> USER2 = 172.17.0.11  (IP gotten from DHCP server on
> corporate LAN)
> USERn = 172.17.0.254 (IP gotten from DHCP server on
> corporate LAN)
>
> All USER's traffic (TCP/UDP) will go through the Linksys
> and/or Dlink VPN device and will tunnel the traffic to the
> corporate LAN.
>
> Can this kind of deployment be possible with
> Openswan?
>
> I'd like you to help me out with this, since I am on a
> challenge: another co-worker is proposing an expensive
> solution, and I told my boss that with GNU/Linux we can go
> further, deployment isn't that expensive and we can get
> support from forums and also from the creator at a lower
> charge than Cisco or any other company. That's why I need your
> help.
>
> Thanks in advance for your great help.
>
> Carlos.
>
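
Paul's suggestion of Openswan plus xl2tpd, sketched as an added example (not from the thread or from the Openswan project): an L2TP/IPsec responder that hands clients addresses from the 172.17.0.10 - 172.17.0.254 range given in the question. Assumptions not taken from the thread: the connection name, pre-shared-key authentication, `left=%defaultroute`, the `local ip` of 172.17.0.1, the `name` value and the pppd options file path.

```conf
# ---- /etc/ipsec.conf (Openswan) ----
version 2.0

config setup
    # Use the kernel's native IPsec stack.
    protostack=netkey

# Connection name is an assumption made for this example.
conn L2TP-PSK
    # Pre-shared key; the key itself lives in /etc/ipsec.secrets.
    authby=secret
    # Do not insist on PFS; many L2TP/IPsec clients do not propose it.
    pfs=no
    # Load the connection and wait for clients to initiate.
    auto=add
    # Let the client side drive rekeying.
    rekey=no
    # L2TP/IPsec protects the L2TP packets in transport mode.
    type=transport
    # Server side: address of the interface holding the default route.
    left=%defaultroute
    # Only UDP port 1701 (L2TP) is covered by this SA.
    leftprotoport=17/1701
    # Any remote client, UDP from any source port.
    right=%any
    rightprotoport=17/%any

; ---- /etc/xl2tpd/xl2tpd.conf ----
[lns default]
; Pool handed to clients: the "LAN DHCP VPN lease" range from the question.
; xl2tpd/pppd assigns these itself, not the DHCP server at 172.16.0.2.
ip range = 172.17.0.10-172.17.0.254
; Server end of each PPP link (assumed address, outside the pool).
local ip = 172.17.0.1
; Require CHAP and refuse cleartext PAP for the PPP login.
require chap = yes
refuse pap = yes
require authentication = yes
; Name used to look up the CHAP secret (assumed value).
name = l2tp-vpn
; pppd options file (assumed path).
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
```

The PPP user names and passwords checked by `require chap` go in `/etc/ppp/chap-secrets`. Because the IPsec SA covers only UDP 1701, the L2TP port should be blocked on the outside interface for traffic that did not arrive through IPsec.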