[Openswan Users] Can OpenSWAN replace OpenVPN?

Alex Crow acrow at integrafin.co.uk
Thu Jul 19 07:17:12 EDT 2012


Dear Sandra,

To provide a private IP to the phones, you will probably need to use 
IPSEC+L2TP - which most phones will support. I personally use Openswan 
with xl2tpd.

Good starting points here:

http://www.jacco2.dds.nl/networking/openswan-l2tp.html

Cheers

Alex

On 19/07/12 11:59, Sandra Schlichting wrote:
> Dear readers,
>
> I have a working OpenVPN setup right now, where users can connect the
> the private network at home with their computers.
>
> However most phones only support IPSec, so I would like to offer the
> same service for phones with IPSec as I do for computers with OpenVPN.
>
> Problem
>
> I can't find any tutorials that describes how to configure OpenSWAN to
> offer a private IP to the client.
>
> With my OpenVPN, clients have to provide a key and passphrase to get
> access. On Android/iPhone I suppose a key is not possible, so it would
> be fine with only a passphrase.
>
> Question
>
> Can OpenSWAN be configured to give a private IP to the clients,
> similar to my OpenVPN setup?
>
> OpenVPN config
>
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
> cert /etc/openvpn/secrets/server.crt
> key /etc/openvpn/secrets/server.key
> dh /etc/openvpn/secrets/dh1024.pem
> server 192.168.240.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 10.10.64.0  255.255.252.0"
> push "dhcp-option DNS xxx.xxx.xxx.xxx"
> duplicate-cn
> keepalive 10 120
> comp-lzo
> user openvpn
> group openvpn
> persist-key
> persist-tun
> status /var/log/openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 4
> mute 20
> plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so
> "/etc/openvpn/auth/ldap.conf"
> script-security 2
> auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
> learn-address /etc/openvpn/scripts/log_clients_ip.sh
>
> Hugs,
> Sandra
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>


-- 
This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 3727592)
Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856)



More information about the Users mailing list