[Openswan Users] DHCP/Any Traffic over an established VPN tunnel

Carlos Lopez the_spide21 at yahoo.com
Thu Oct 8 16:02:41 EDT 2009


Hi Paul,

Thanks for your reply.

> I'm not sure what you're trying to do. Perhaps you mean L2TP,
> which will give your laptop an IP address from a pool on the
> server side?

Yes, I'd like to do that, but only on a D-Link or Linksys router. I meant that the Linksys or D-Link device will try to authenticate against the VPN server and get, for example, the second IP from the VPN server's range, let's say 172.17.0.2; the rest of the IPs will be assigned via DHCP (172.17.0.3-172.17.0.254) to ExternalUsers' PCs.

> Using Openswan and Xl2tpd you can do that.

Well, I do not want to use Xl2tpd, at the moment.


> I am not sure about your talk of a "tunnel in a tunnel", but in
> principle you should be able to make as many "babushkas" as
> you want.

ExternalUsers' traffic (UDP/TCP) should be passed through the already opened tunnel (by the Linksys or D-Link device) and get their IPs via DHCP, just like the corporate LAN's users.

I do not want ExternalUsers to do any kind of VPN connectivity or authentication; they will just plug their PCs into the attached switch and the corporate DHCPD will give an IP to every PC. I think that the D-Link or Linksys device will be working as a traffic bridge between corporate users/servers and ExternalUsers on the other side; correct me if I am wrong.

I'd like to achieve this kind of configuration because I would be able to have control of users' IP assignments and also include many other configurations via the DHCP server, such as the NTP server and many more, the same way I do on the corporate LAN.

Again, thanks for the help.

Carlos.





> 
> Paul
> 
> > 1- Create a Linux Gateway/Router:
> >
> > ISP Ip = 1.2.3.4
> > LAN IP = 172.16.0.1
> >
> > 2- Create a Linux DNS/DHCP server:
> >
> > Server IP= 172.16.0.2
> > LAN DHCP lease = 172.16.0.10 - 172.16.0.254
> > LAN DHCP VPN lease = 172.17.0.10 - 172.17.0.254
> >
> > 3- Create an email server with qmail:
> >
> > Server IP= 172.16.0.3
> >
> > 4- Create an apache web server:
> >
> > Server IP= 172.16.0.4
> >
> > 3- create a VPN server
> >
> > eth0 = 172.16.0.5 (Part of Corporate LAN segment)
> > vpnIface= 172.17.0.0/24 (External branch ip segment)
> >
> >
> > 3- Linksys and/or D-Link VPN device --> connect to ISP ip=1.2.3.4:VPNPORT
> >
> > ISP IP = 1.2.3.5 (User/Branch ISP assigned IP)
> > vpnIP= 172.17.0.3 (This is the IP gotten from the VPN server after authentication)
> >
> > 4- Now connect a 24-port switch to the Linksys and/or D-Link VPN device and from the switch connect some users:
> >
> > USER1 = 172.17.0.10  (IP gotten from DHCP server on corporate LAN)
> > USER2 = 172.17.0.11  (IP gotten from DHCP server on corporate LAN)
> > USERn = 172.17.0.254 (IP gotten from DHCP server on corporate LAN)
> >
> > All USERs' traffic (TCP/UDP) will go through the Linksys and/or D-Link VPN device and will tunnel the traffic to the corporate LAN.
> >
> > Can this kind of deployment be possible with Openswan?
> >
> > I'd like you to help me out with this, since I am in a challenge: another co-worker is proposing an expensive solution, and I told my boss that with GNU/Linux we can go further, deployment isn't that expensive and we can get support from forums and also from the creator at a lower charge than Cisco or any other company; that's why I need your help.
> >
> > Thanks in advance for your great help.
> >
> > Carlos.
> >

