[Openswan Users] Can OpenSWAN replace OpenVPN?
Sandra Schlichting
littlesandra88 at gmail.com
Thu Jul 19 06:59:16 EDT 2012
Dear readers,
I have a working OpenVPN setup right now, where users can connect the
the private network at home with their computers.
However most phones only support IPSec, so I would like to offer the
same service for phones with IPSec as I do for computers with OpenVPN.
Problem
I can't find any tutorials that describes how to configure OpenSWAN to
offer a private IP to the client.
With my OpenVPN, clients have to provide a key and passphrase to get
access. On Android/iPhone I suppose a key is not possible, so it would
be fine with only a passphrase.
Question
Can OpenSWAN be configured to give a private IP to the clients,
similar to my OpenVPN setup?
OpenVPN config
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/secrets/server.crt
key /etc/openvpn/secrets/server.key
dh /etc/openvpn/secrets/dh1024.pem
server 192.168.240.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.64.0 255.255.252.0"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
duplicate-cn
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
mute 20
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so
"/etc/openvpn/auth/ldap.conf"
script-security 2
auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
learn-address /etc/openvpn/scripts/log_clients_ip.sh
Hugs,
Sandra
More information about the Users
mailing list