[Openswan Users] A few questions... I'd like to RTFM, but...

Troy Telford ttelford.groups at gmail.com
Sat Sep 4 18:00:13 EDT 2010

I've been trying to figure out how to install OpenSwan (2.6.28) on a 
Debian Linux system; I have the Openswan book, and have also looked 
around online.  My setup is intended to be a "road warrior" setup, 
allowing others to connect securely to my LAN.

I've been setting it up to use certificates, and the book is most 
helpful there, however there are a few things that are still unclear to 

1.)  How are 'internal' VPN'd IP addresses handled for a 'pure' IPsec 
connection?  So far, it seems that the 'internal' IP address needs to 
be configured statically, and part of my brain refuses to accept that 
static IP address assignment is the only option for pure IPsec...  Is 
there a mechanism for an internal IP address to be auto-assigned after 
an IPSec connection is established?

2.)  If I want to have 'nice' things automatically assigned to my VPN 
clients via DHCP (like assigning an IP addresses, an internal DNS 
server, etc.) is L2TP the only way to do it?

3.)  In examples and in the mailing list archive, I keep seeing:

I cannot find where the vhost: is documented; I'm curious about what 
it's for, as well as the arguments it's providing.  I certainly can't 
find the documentation in 'man ipsec.conf'

4.)  This is mainly curiosity:  The Openswan book has a chapter 
dedicated to opportunistic encryption - just how commonly is OE used on 
the internet at large?  Since my site is merely a 'consumer' of data, 
not a producer, is it likely that I'd end up using OE if I were to set 
it up?  Or would it be more of an academic excersise...


More information about the Users mailing list