[Openswan Users] Site-to-site + OpenVPN
Neal Murphy
neal.p.murphy at alum.wpi.edu
Wed May 8 21:13:53 UTC 2013
On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
> Hello,
>
> This is a theoretical question:
>
> Let's say I have 2 servers, an intermediary server and a destination OpenVPN
> server. If I establish a site-to-site VPN with Openswan between those 2
> servers, can I, let's say, use this tunnel to tunnel OpenVPN requests and the
> whole OpenVPN traffic to the destination server (both servers have public IPs)?
It's not so theoretical. It's basically what certain governments and
militaries do (an encrypted tunnel in an encrypted tunnel using different
technologies); the same fault is not likely to be found in both.

I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP
traffic. If you set up IPSEC with the proper LAN addresses at each end and use
the private (or internal) server address, then it should work. Don't configure
OpenVPN to use the servers' public addresses, and be sure to use different
encryption algorithms.
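
The layout described in the reply above, as an added example that is not part of the original thread: a constructed Openswan conn and OpenVPN client config, plus a check that the OpenVPN `remote` is the internal address inside the IPsec-protected subnet and that the two layers use different cipher families. All addresses (documentation ranges), the conn name and the cipher choices are assumptions.

```python
import ipaddress
import re

# Constructed sample configs; addresses, names and ciphers are assumptions.
IPSEC_CONF = """
conn intermediary-to-destination
    left=198.51.100.10
    leftsubnet=10.0.1.0/24
    leftsourceip=10.0.1.1
    right=203.0.113.20
    rightsubnet=10.0.2.0/24
    esp=aes256-sha1
    auto=start
"""
OPENVPN_CONF = """
client
proto udp
remote 10.0.2.1 1194
cipher CAMELLIA-256-CBC
"""

def parse_conn(text):
    """Return the key=value options of the single conn section as a dict."""
    return dict(re.findall(r"^[ \t]+(\w+)=(\S+)", text, re.M))

def parse_openvpn(text):
    """Return OpenVPN directives as {name: [args...]}."""
    return {p[0]: p[1:] for p in (l.split() for l in text.splitlines()) if p}

def family(alg):
    # Leading letters only, e.g. "aes256-sha1" -> "aes", "CAMELLIA-256-CBC" -> "camellia".
    return re.match(r"[a-z]+", alg.lower()).group()

def check(ipsec_text, ovpn_text):
    """List the ways the OpenVPN config fails to ride inside the IPsec tunnel."""
    conn, ovpn = parse_conn(ipsec_text), parse_openvpn(ovpn_text)
    problems, remote = [], ovpn["remote"][0]
    try:
        addr = ipaddress.ip_address(remote)
    except ValueError:
        return [f"remote {remote} is a hostname; use the internal IP address"]
    if remote in (conn["left"], conn["right"]):
        problems.append(f"remote {remote} is a public endpoint; traffic bypasses the tunnel")
    elif addr not in ipaddress.ip_network(conn["rightsubnet"]):
        problems.append(f"remote {remote} is outside rightsubnet {conn['rightsubnet']}")
    cipher = ovpn.get("cipher", [None])[0]
    if cipher is None or family(conn["esp"]) == family(cipher):
        problems.append("set an OpenVPN cipher from a different family than IPsec esp=")
    return problems
```

`check(IPSEC_CONF, OPENVPN_CONF)` returns an empty list for the sample pair; pointing `remote` at 203.0.113.20 or setting `cipher AES-256-CBC` each produces one finding.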