[Openswan Users] Openswan and V-IPSecure (SUCCESS with a question)

Paul Wouters paul at xelerance.com
Tue Sep 15 00:27:53 EDT 2009

On Mon, 14 Sep 2009, JT Edwards wrote:

> (any plans on making a Windows or Linux GUI for Openswan?).

There is a partially finished OSX gui and a partially finished NetworkManager plugin
for Linux. No one has worked on integration with Windows yet, though it should be
easy with the new advanced shell in Windows7. (easy as in just time consuming :)

> Xen box (Local Openswan VPN gateway server) Public IP eth0
> tun 0 Internal IP vnet0
> Netgear 3205 (V-IPSecure)  Public IP Internal IP
> Xen box (remote) Internal LAN IP  eth0  Internal IP
> vnet0
> I would like to route a connection so that only the Local XEN environment
> and the Remote XEN environment can pass VPN packets. I have two VPN policies
> set up to handle this on the Netgear and Openswan sides. I am able to ping
> both gateways; however, I cannot touch the XEN environments.
> I am unsure if I was to include a source IP in my ipsec.conf or not. May I
> respectfully ask for some routing help since I am novice to this?

I am not entirely sure of the network, the problem, or your testing. Note that
I've seen strange things using netkey+xen.

> conn ait-2-torden-xen
>        type=tunnel
>        keyingtries=7
>        aggrmode=yes
>        compress=no
>        authby=secret
>        left=
>        leftid=
>        leftsubnet=
>        right=
>        rightid=
>        rightsubnet=
>        auto=start

This should work, but note that you will not have ipsec between and
If those two hosts need to communicate to each other using ipsec, they need to use the
internal ip (which is part of the subnet, and therefore part of the ipsec tunnel).
You can do this by adding


where these ips are their locally configured ip addresses (substitute the X)

Alternatively add a connection without the rightsubnet/leftsubnet to create a tunnel
between the two public IP addresses.
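A worked ipsec.conf for the Openswan side, written as an added example rather than taken from the thread; the conn names and addresses are constructed placeholders (RFC 5737 ranges for the public IPs, 10.x for the Xen guest networks), and it shows both fixes the reply describes: sourceip addresses so the gateways speak from inside the protected subnets, and a second host-to-host conn between the public IPs.

```ini
# Added example, not from the mailing-list post. All addresses are
# constructed placeholders:
#   192.0.2.1     local Openswan gateway, public IP (eth0)
#   198.51.100.1  remote gateway (the Netgear in the thread), public IP
#   10.1.0.0/24   local Xen guest network (vnet0), gateway is 10.1.0.1
#   10.2.0.0/24   remote Xen guest network, gateway is 10.2.0.1
config setup
        protostack=netkey

# Subnet-to-subnet tunnel, as in the quoted conn. The policy only covers
# 10.1.0.0/24 <-> 10.2.0.0/24, so anything a gateway sends from its own
# public IP is outside the tunnel. leftsourceip/rightsourceip make each
# gateway source its own traffic from its internal, in-subnet address.
# leftid/rightid are left at their default (the IP) so the PSK in
# ipsec.secrets is keyed by address. aggrmode=yes is omitted: both ends
# have fixed public IPs, so main mode works and keeps the identity
# exchange under the ISAKMP SA instead of sending it in the clear.
conn xen-2-xen-subnets
        type=tunnel
        authby=secret
        keyingtries=7
        compress=no
        left=192.0.2.1
        leftsubnet=10.1.0.0/24
        leftsourceip=10.1.0.1
        right=198.51.100.1
        rightsubnet=10.2.0.0/24
        rightsourceip=10.2.0.1
        auto=start

# The alternative from the reply: a second conn with no subnets, so the
# two public IPs themselves get an IPsec tunnel between them. Same
# endpoints and PSK; only the selectors differ.
conn xen-2-xen-gateways
        type=tunnel
        authby=secret
        left=192.0.2.1
        right=198.51.100.1
        auto=start
```

After loading both conns, `ipsec auto --status` lists the selectors each conn established, which is the quickest way to confirm whether a given source/destination pair is actually inside a tunnel.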

