[Openswan Users] Openswan and V-IPSecure (SUCCESS with a question)

JT Edwards tstrike34 at gmail.com
Tue Sep 15 00:35:46 EDT 2009

Oh partial finished.... No test builds out yet?

Thanks again.


From: "Paul Wouters" <paul at xelerance.com>
Sent: Tuesday, September 15, 2009 12:27 AM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure (SUCCESS with a 

> On Mon, 14 Sep 2009, JT Edwards wrote:
>> (any plans on making a Windows or Linux GUI for Openswan?).
> There is a partially finished OSX gui and a partially finished NetworkManager plugin
> for Linux. No one has worked on integration with Windows yet, though it should be
> easy with the new advanced shell in Windows7. (easy as in just time consuming :)
>> Xen box (Local Openswan VPN gateway server) Public IP eth0
>> tun 0 Internal IP vnet0
>> Netgear 3205 (V-IPSecure)  Public IP Internal IP 
>> Xen box (remote) Internal LAN IP  eth0  Internal IP
>> vnet0
>> I would like to route a connection so that only the Local XEN environment
>> and the Remote XEN environment can pass VPN packets. I have two VPN policies
>> set up to handle this on the Netgear and Openswan sides. I am able to ping
>> both gateways; however, I cannot touch the XEN environments.
>> I am unsure if I was to include a source IP in my ipsec.conf or not. May I
>> respectfully ask for some routing help since I am novice to this?
> I am not entirely sure of the network, the problem, or your testing. Note that
> I've seen strange things using netkey+xen.
>> conn ait-2-torden-xen
>>        type=tunnel
>>        keyingtries=7
>>        aggrmode=yes
>>        compress=no
>>        authby=secret
>>        left=
>>        leftid=
>>        leftsubnet=
>>        right=
>>        rightid=
>>        rightsubnet=
>>        auto=start
> This should work, but note that you will not have ipsec between 
> and
> If those two hosts need to communicate to each other using ipsec, they need to use the
> internal ip (which is part of the subnet, and therefore part of the ipsec tunnel).
> You can do this by adding
>  leftsourceip=172.16.0.X
>  rightsourceip=192.168.133.X
> where these ips are their locally configured ip addresses (substitute the X)
> Alternatively add a connection without the rightsubnet/leftsubnet to create a tunnel
> between the two public IP addresses.
> Paul 
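
The check below is an added example, not part of the original thread or of Openswan: it reads a conn section and reports, per side, whether traffic originated by the gateway itself would fall inside the subnet-to-subnet tunnel, which is the point of the leftsourceip/rightsourceip advice above. The addresses in the thread were stripped, so the public IPs, the /24 subnets and the source IP here are constructed assumptions, as are the function names.

```python
import ipaddress

# Constructed sample: public IPs are documentation addresses and the /24
# subnets are assumed; only the option names come from the thread.
SAMPLE_CONF = """\
conn ait-2-torden-xen
    type=tunnel
    authby=secret
    left=192.0.2.10
    leftsubnet=172.16.0.0/24
    leftsourceip=172.16.0.1
    right=198.51.100.20
    rightsubnet=192.168.133.0/24
    auto=start
"""

def parse_conn(text):
    """Return the key=value options of a single conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def gateway_coverage(opts):
    """Report whether each gateway's own traffic matches the tunnel policy.

    With a subnet set, the policy is subnet-to-subnet, so a packet from the
    gateway is protected only if its source address lies inside that subnet.
    """
    result = {}
    for side in ("left", "right"):
        subnet = opts.get(side + "subnet")
        if not subnet:
            result[side] = "host-to-host"  # policy covers the endpoint IP itself
            continue
        net = ipaddress.ip_network(subnet, strict=False)
        sourceip = opts.get(side + "sourceip")
        try:
            inside = ipaddress.ip_address(sourceip or opts.get(side, "")) in net
        except ValueError:
            inside = False  # endpoint given as %defaultroute or a hostname
        if inside:
            result[side] = "covered"
        else:
            result[side] = "sourceip-outside-subnet" if sourceip else "uncovered"
    return result

if __name__ == "__main__":
    print(gateway_coverage(parse_conn(SAMPLE_CONF)))
```

A side reported as "uncovered" can still forward traffic for hosts in its subnet through the tunnel; only packets sourced from the gateway's public IP miss the policy.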
