[Openswan Users] Can OpenSWAN replace OpenVPN?

geert geurts geert at verweggistan.eu
Thu Jul 19 07:19:54 EDT 2012


Hi Sandra,

I think we pretty much have the same requirements and reasons to look
into ipsec...
I also had an openvpn and currently have an ipsec vpn for my phone.
What you need is an l2tp tunnel over ipsec.
You first create a secure connection over ipsec, after that you build a
tunnel over this secure connection.
There are loads of howtos on the net.
The l2tp can be configured to advertise ip addresses to clients.
A good website to find information is the following:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html

Regards,
Geert


On Thu, Jul 19, 2012 at 12:59 PM, Sandra Schlichting <
littlesandra88 at gmail.com> wrote:

> Dear readers,
>
> I have a working OpenVPN setup right now, where users can connect to
> the private network at home with their computers.
>
> However most phones only support IPSec, so I would like to offer the
> same service for phones with IPSec as I do for computers with OpenVPN.
>
> Problem
>
> I can't find any tutorials that describe how to configure OpenSWAN to
> offer a private IP to the client.
>
> With my OpenVPN, clients have to provide a key and passphrase to get
> access. On Android/iPhone I suppose a key is not possible, so it would
> be fine with only a passphrase.
>
> Question
>
> Can OpenSWAN be configured to give a private IP to the clients,
> similar to my OpenVPN setup?
>
> OpenVPN config
>
> port 1194
> proto udp
> dev tun
> ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
> cert /etc/openvpn/secrets/server.crt
> key /etc/openvpn/secrets/server.key
> dh /etc/openvpn/secrets/dh1024.pem
> server 192.168.240.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 10.10.64.0  255.255.252.0"
> push "dhcp-option DNS xxx.xxx.xxx.xxx"
> duplicate-cn
> keepalive 10 120
> comp-lzo
> user openvpn
> group openvpn
> persist-key
> persist-tun
> status /var/log/openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 4
> mute 20
> plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
> script-security 2
> auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
> learn-address /etc/openvpn/scripts/log_clients_ip.sh
>
> Hugs,
> Sandra
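A sketch of the L2TP-over-IPsec layout described in the reply, added here as an example (not configuration posted by either participant): Openswan secures UDP/1701 in transport mode with a pre-shared key, and xl2tpd/pppd hand each client a private address. The pool 192.168.241.0/24, the PSK, the user entry and the DNS address are constructed placeholders; file paths are the usual defaults and are assumptions.

```conf
# /etc/ipsec.conf (Openswan): protect L2TP (UDP/1701) in transport mode
config setup
    nat_traversal=yes          # phones are normally behind NAT
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv    # accept clients with private (NATed) addresses
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret              # pre-shared key, no client certificate
    pfs=no
    auto=add
    keyingtries=3
    rekey=no                   # let the client initiate rekeying
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

# /etc/ipsec.secrets: one PSK shared by all clients (placeholder value)
# %any %any : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"

# /etc/xl2tpd/xl2tpd.conf: the L2TP server that assigns client addresses
[lns default]
ip range = 192.168.241.10-192.168.241.50   ; constructed pool
local ip = 192.168.241.1
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

# /etc/ppp/options.xl2tpd: per-session PPP settings pushed to the client
# require-mschap-v2
# ms-dns 192.0.2.53        (placeholder DNS server)
# auth
# mtu 1400
# mru 1400

# /etc/ppp/chap-secrets: per-user passphrase (client server secret IP)
# sandra  *  "REPLACE-WITH-USER-PASSPHRASE"  *
```

The PSK only authenticates the IPsec layer and is shared by every client, so per-user access control rests on the PPP credentials in chap-secrets; both values should be long and random.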