[Openswan Users] Need a VDSL2 modem known to work with Openswan

Alex Crow acrow at integrafin.co.uk
Sun Feb 24 05:33:45 EST 2013


On 23/02/13 22:53, Durwin wrote:
>> Hi Durwin,
>>
>> You don't want "ipsec passthrough" in most cases. As I said in my previous postings, just like SIP ALG, it is usually completely broken and if you can't disable it, you are quite often screwed. The Zyxels are pretty good - isn't there a newer device in their portfolio that might suit? Netgear is also reasonable if you get the right model. I've heard some good comments about Billion but I've never used one myself. Also look at some of the more expensive routers that specialise in VoIP or security - just google for "Secure Router", "Security Router", etc. Many of them in fact have IPSEC built in, I got this:
> So a modem that does not support ipsec pass through will still work with
> openswan?  If so, why do they bother supporting pass through?  Without
> pass through is it required to forward ports?

If you're using a *modem* or a router in "modem mode" (many have this) 
your public IP will be on your OpenSWAN box so no need to bother with 
port forwarding.

If using a router (and it's NATting) you will need to forward probably 
ports 500 and 4500 UDP to the Openswan box's internal IP.

And yes, IPSEC passthru is not needed if you can port forward. Every 
recommendation I've ever seen is to turn it off with *SWAN.

>
>> http://www.scan.co.uk/products/zyxel-prestige-2602hwl-d1a-x20-vpn-11g-plus125mbps-wireless-4x10-100-x2-voip-adsl-router?utm_source=google+shopping&utm_medium=google+shopping
> The new connection Centurylink has me on requires VDSL2.  I tried
> connecting using ADSL2 and I did connect to internet, but it did not
> connect to centurylink.  I don't know how that would reflect on my
> speeds.

Looks like you need something like this then:

http://www.zyxel.com/uk/en/products_services/p_871m.shtml?t=p

>> to work with openSWAN with PSKs at least, in both 3DES and AES.
>>
>> Sometimes if you're using DSL or Cable and facing these issues it's actually easier to get a modem instead and use your linux/bsd box to do everything.
> If you mean a modem to *just* connect to service provider and do VPN
> with openswan, that is what I am looking for.  But I must not be reading
> you right.  I require VDSL2 to connect correctly.  After that I don't
> require anything special.  Just Openswan.  I expect my current
> configuration which worked before will work again if I can find that
> special modem.
>
> I will search some more, especially the Zyxel.  I have seen the Billion
> in my searches so it's good to hear positive feedback on them.
>
> Thank you,
>
> Durwin

A simple VDSL2 modem should do the trick. As it's just a modem probably 
any manufacturer/model would be fine.

Good Luck,

Alex


