[Openswan Users] Openswan and V-IPSecure (SUCCESS with a question)
JT Edwards
tstrike34 at gmail.com
Tue Sep 15 00:35:46 EDT 2009
Oh partial finished.... No test builds out yet?
Thanks again.
JT
--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Tuesday, September 15, 2009 12:27 AM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure (SUCCESS with a
question)
> On Mon, 14 Sep 2009, JT Edwards wrote:
>
>> (any plans on making a Windows or Linux GUI for Openswan?).
>
> There is a partially finished OSX gui and a partially finished
> NetworkManager plugin
> for Linux. No one has worked on integration with Windows yet, though it
> should be
> easy with the new advanced shell in Windows7. (easy as in just time
> consuming :)
>
>> Xen box (Local Openswan VPN gateway server) Public IP 22.123.34.56 eth0
>> 172.16.0.1 tun 0 Internal IP 192.168.122.0 vnet0
>>
>> Netgear 3205 (V-IPSecure) Public IP 12.234.22.224 Internal IP
>> 192.168.1.1
>>
>> Xen box (remote) Internal LAN IP 192.168.1.250 eth0 Internal IP
>> 192.168.133.1 vnet0
>>
>> I would like to route a connection so that only the Local XEN environment
>> and the Remote XEN environment can pass VPN packets. I have two VPN
>> policies
>> set up to handle this on the Netgear and Openswan sides. I am able to
>> ping
>> both gateways; however, I cannot touch the XEN environments.
>>
>> I am unsure if I was to include a source IP in my ipsec.conf or not. May
>> I
>> respectfully ask for some routing help since I am novice to this?
>
> I am not entirely sure of the network, the problem, or your testing. Note
> that
> I've seen strange things using netkey+xen.
>
>> conn ait-2-torden-xen
>> type=tunnel
>> keyingtries=7
>> aggrmode=yes
>> compress=no
>> authby=secret
>> left=22.123.34.56
>> leftid=22.123.34.56
>> leftsubnet=172.16.0.0/24
>> right=12.234.22.224
>> rightid=12.234.22.224
>> rightsubnet=192.168.133.0/24
>> auto=start
>
> This should work, but note that you will not have ipsec between
> 22.123.34.56 and 12.234.22.224.
> If those two hosts need to communicate to each other using ipsec, they
> need to use the
> internal ip (which is part of the subnet, and therefor part of the ipsec
> tunnel).
> You can do this by adding
>
> leftsourceip=172.16.0.X
> rightsourceip=192.168.133.X
>
> where these ips are their locally configured ip addresses (substitute the
> X)
>
> Alternatively add a connection without the rightsubnet/leftsubnet to
> create a tunnel
> between the two public IP addresses.
>
> Paul
More information about the Users
mailing list