[Openswan Users] Can OpenSWAN replace OpenVPN?

Sandra Schlichting littlesandra88 at gmail.com
Mon Jul 23 07:24:43 EDT 2012


Hi Alex,

Thanks for the info.

I will give the OpenSWAN host a public IP, so I suppose that would
free me from the double IP behind NAT problem?

Hugs,
Sandra


On 20 July 2012 14:04, Alex Crow <acrow at integrafin.co.uk> wrote:
> Sandra,
>
> I believe that IPSEC is operating in transport mode with L2TP and it's L2TP
> that creates the tunnel to your internal network.
>
> BTW, one thing to watch out for is that /if/ you have two clients with the
> same internal IP behind different NAT devices you'll have to patch the
> kernel with the SAREF patches. Then you can specify overlapip=yes and
> sareftrack=yes in your config. protostack=mast is required for these two
> options to work.
>
> Cheers
>
> Alex
>
>
> On 20/07/12 12:29, Sandra Schlichting wrote:
>>
>> Dear Alex,
>>
>> I see. So IPSec is just a tunnel. Very interesting =)
>>
>> Hugs,
>> Sandra
>>
>>
>>
>> On 19 July 2012 13:17, Alex Crow <acrow at integrafin.co.uk> wrote:
>>>
>>> Dear Sandra,
>>>
>>> To provide a private IP to the phones, you will probably need to use
>>> IPSEC+L2TP - which most phones will support. I personally use Openswan
>>> with xl2tpd.
>>>
>>> Good starting points here:
>>>
>>> http://www.jacco2.dds.nl/networking/openswan-l2tp.html
>>>
>>> Cheers
>>>
>>> Alex
>>>
>>>
>>> On 19/07/12 11:59, Sandra Schlichting wrote:
>>>>
>>>> Dear readers,
>>>>
>>>> I have a working OpenVPN setup right now, where users can connect to
>>>> the private network at home with their computers.
>>>>
>>>> However most phones only support IPSec, so I would like to offer the
>>>> same service for phones with IPSec as I do for computers with OpenVPN.
>>>>
>>>> Problem
>>>>
>>>> I can't find any tutorials that describe how to configure OpenSWAN to
>>>> offer a private IP to the client.
>>>>
>>>> With my OpenVPN, clients have to provide a key and passphrase to get
>>>> access. On Android/iPhone I suppose a key is not possible, so it would
>>>> be fine with only a passphrase.
>>>>
>>>> Question
>>>>
>>>> Can OpenSWAN be configured to give a private IP to the clients,
>>>> similar to my OpenVPN setup?
>>>>
>>>> OpenVPN config
>>>>
>>>> port 1194
>>>> proto udp
>>>> dev tun
>>>> ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
>>>> cert /etc/openvpn/secrets/server.crt
>>>> key /etc/openvpn/secrets/server.key
>>>> dh /etc/openvpn/secrets/dh1024.pem
>>>> server 192.168.240.0 255.255.255.0
>>>> ifconfig-pool-persist ipp.txt
>>>> push "route 10.10.64.0  255.255.252.0"
>>>> push "dhcp-option DNS xxx.xxx.xxx.xxx"
>>>> duplicate-cn
>>>> keepalive 10 120
>>>> comp-lzo
>>>> user openvpn
>>>> group openvpn
>>>> persist-key
>>>> persist-tun
>>>> status /var/log/openvpn-status.log
>>>> log-append  /var/log/openvpn.log
>>>> verb 4
>>>> mute 20
>>>> plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
>>>> script-security 2
>>>> auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
>>>> learn-address /etc/openvpn/scripts/log_clients_ip.sh
>>>>
>>>> Hugs,
>>>> Sandra
>>>> _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>
>>>
>>> --
>>> This message is intended only for the addressee and may contain
>>> confidential information.  Unless you are that person, you may not
>>> disclose its contents or use it in any way and are requested to delete
>>> the message along with any attachments and notify us immediately.
>>>
>>> "Transact" is operated by Integrated Financial Arrangements plc
>>> Domain House, 5-7 Singer Street, London  EC2A 4BQ
>>> Tel: (020) 7608 4900 Fax: (020) 7608 5300
>>> (Registered office: as above; Registered in England and Wales under
>>> number:
>>> 3727592)
>>> Authorised and regulated by the Financial Services Authority (entered on
>>> the
>>> FSA Register; number: 190856)
>>>
>
>
>
>
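
An ipsec.conf sketch of the L2TP/IPsec setup discussed in this thread, showing where the three options Alex names go. It is an added example, not part of the original messages and not taken from the Openswan documentation; the connection name, the server address 203.0.113.10 and the pre-shared-key choice are assumptions, and 10.10.64.0/22 is the home network from the OpenVPN config quoted above.

```conf
# /etc/ipsec.conf (constructed example; names and addresses are placeholders)
version 2.0

config setup
    # overlapip and sareftrack only take effect on the MAST stack, which
    # needs a kernel built with the SAREF patches mentioned in the thread.
    protostack=mast
    nat_traversal=yes
    # Private ranges a client may be using behind its NAT device.
    # The server's own LAN (10.10.64.0/22) is excluded.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.10.64.0/22

conn l2tp-psk
    # Transport mode: IPsec protects only the L2TP packets between the
    # two hosts; the tunnel to the internal network is built by L2TP.
    type=transport
    authby=secret              # pre-shared key, stored in /etc/ipsec.secrets
    pfs=no
    rekey=no
    left=203.0.113.10          # placeholder for the server's public IP
    leftprotoport=17/1701      # UDP (protocol 17), port 1701 = L2TP
    right=%any                 # clients connect from any address
    rightprotoport=17/%any
    rightsubnet=vhost:%priv    # accept clients whose address is in virtual_private
    # Allow two clients that present the same internal IP from behind
    # different NAT devices, and track their SAs per connection.
    overlapip=yes
    sareftrack=yes
    auto=add
```

The private address handed to each phone comes from the L2TP daemon (xl2tpd in Alex's setup), not from this file.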
