[Openswan Users] Can OpenSWAN replace OpenVPN?
Sandra Schlichting
littlesandra88 at gmail.com
Fri Jul 20 07:29:36 EDT 2012
Dear Alex,
I see. So IPSec is just a tunnel. Very interesting =)
Hugs,
Sandra
On 19 July 2012 13:17, Alex Crow <acrow at integrafin.co.uk> wrote:
> Dear Sandra,
>
> To provide a private IP to the phones, you will probably need to use
> IPSEC+L2TP - which most phones will support. I personally use Openswan with
> xl2tpd.
>
> Good starting points here:
>
> http://www.jacco2.dds.nl/networking/openswan-l2tp.html
>
> Cheers
>
> Alex
>
>
> On 19/07/12 11:59, Sandra Schlichting wrote:
>>
>> Dear readers,
>>
>> I have a working OpenVPN setup right now, where users can connect the
>> the private network at home with their computers.
>>
>> However most phones only support IPSec, so I would like to offer the
>> same service for phones with IPSec as I do for computers with OpenVPN.
>>
>> Problem
>>
>> I can't find any tutorials that describes how to configure OpenSWAN to
>> offer a private IP to the client.
>>
>> With my OpenVPN, clients have to provide a key and passphrase to get
>> access. On Android/iPhone I suppose a key is not possible, so it would
>> be fine with only a passphrase.
>>
>> Question
>>
>> Can OpenSWAN be configured to give a private IP to the clients,
>> similar to my OpenVPN setup?
>>
>> OpenVPN config
>>
>> port 1194
>> proto udp
>> dev tun
>> ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
>> cert /etc/openvpn/secrets/server.crt
>> key /etc/openvpn/secrets/server.key
>> dh /etc/openvpn/secrets/dh1024.pem
>> server 192.168.240.0 255.255.255.0
>> ifconfig-pool-persist ipp.txt
>> push "route 10.10.64.0 255.255.252.0"
>> push "dhcp-option DNS xxx.xxx.xxx.xxx"
>> duplicate-cn
>> keepalive 10 120
>> comp-lzo
>> user openvpn
>> group openvpn
>> persist-key
>> persist-tun
>> status /var/log/openvpn-status.log
>> log-append /var/log/openvpn.log
>> verb 4
>> mute 20
>> plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so
>> "/etc/openvpn/auth/ldap.conf"
>> script-security 2
>> auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
>> learn-address /etc/openvpn/scripts/log_clients_ip.sh
>>
>> Hugs,
>> Sandra
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
>
> --
> This message is intended only for the addressee and may contain
> confidential information. Unless you are that person, you may not
> disclose its contents or use it in any way and are requested to delete
> the message along with any attachments and notify us immediately.
>
> "Transact" is operated by Integrated Financial Arrangements plc
> Domain House, 5-7 Singer Street, London EC2A 4BQ
> Tel: (020) 7608 4900 Fax: (020) 7608 5300
> (Registered office: as above; Registered in England and Wales under number:
> 3727592)
> Authorised and regulated by the Financial Services Authority (entered on the
> FSA Register; number: 190856)
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list