[Openswan Users] Need a VDSL2 modem known to work with Openswan

Durwin thecajun at nmia.com
Sun Feb 24 11:17:46 EST 2013

Thank you Alex,

> On 23/02/13 22:53, Durwin wrote:
> >> Hi Durwin,
> >>
> >> You don't want "ipsec passthrough" in most cases. As I said in my previous postings, just like SIP ALG, it is usually completely broken and if you can't disable it, you are quite often screwed. The Zyxels are pretty good  - isn't there a newer device in their portfolio that might suit? Netgear is also reasonable if you get the right model. I've heard some good comments about Billion but I've never used one myself. Also look at some of the more expensive routers that specialise in VoIP or security - just google for "Secure Router", "Security Router", etc. Many of them in fact have IPSEC built in, I got this:
> > So a modem that does not support ipsec pass through will still work with
> > openswan?  If so, why do they bother supporting pass through?  Without
> > pass through is it required to forward ports?
> If you're using a *modem* or a router in "modem mode" (many have this) your public IP will be on your OpenSWAN box so no need to bother with port forwarding.
The Actiontec C1000A has a transparent mode.  It says it passes the
responsibility of logging in to (in this case the linux machine) another
device.  Could this be what I could do?  If so can you direct me to
procedures for this?
> If using a router (and it's NATting) you will need to forward probably ports 500 and 4500 UDP to the Openswan box's internal IP.
> And yes, IPSEC passthru is not needed if you can port forward. Every recommendation I've ever seen is to turn it off with *SWAN.
I have SSL VPN using a browser that works with this Actiontec C1000A. 
Why is it that works and Openswan does not?
> >
> >> http://www.scan.co.uk/products/zyxel-prestige-2602hwl-d1a-x20-vpn-11g-plus125mbps-wireless-4x10-100-x2-voip-adsl-router?utm_source=google+shopping&utm_medium=google+shopping
This device does not appear to have a phone jack to plug into the wall.
The two ports look like RJ45.  How does this fit into my scenario?

Thank you for all this help Alex,


> > The new connection Centurylink has me on requires VDSL2.  I tried
> > connecting using ADSL2 and I did connect to internet, but it did not
> > connect to centurylink.  I don't know how that would reflect on my
> > speeds.
> Looks like you need something like this then:
> http://www.zyxel.com/uk/en/products_services/p_871m.shtml?t=p
> >> to work with openSWAN with PSKs at least, in both 3DES and AES.
> >>
> >> Sometimes if you're using DSL or Cable and facing these issues it's actually easier to get a modem instead and use your linux/bsd box to do everything.
> > If you mean a modem to *just* connect to service provider and do VPN
> > with openswan, that is what I am looking for.  But I must not be reading
> > you right.  I require VDSL2 to connect correctly.  After that I don't
> > require any thing special.  Just Openswan.  I expect my current
> > configuration which worked before will work again if I can find that
> > special modem.
> >
> > I will search some more, especially the Zyxel.  I have seen the Billion
> > in my searches so it's good to hear positive feedback on them.
> >
> > Thank you,
> >
> > Durwin
> A simple VDSL2 modem should do the trick. As it's just a modem probably any manufacturer/model would be fine.
> Good Luck,
> Alex

Durwin F. De La Rue <thecajun at nmia.com>
reality.sys corrupted. universe halted. reboot (y/n)?

