[Openswan Users] Site-to-site + OpenVPN

Neal Murphy neal.p.murphy at alum.wpi.edu
Wed May 8 21:13:53 UTC 2013

On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
> Hello,
> this is a theoretical question:
> Let's say I have 2 servers, intermediary server and destination openvpn
> server. If I establish site-to-site VPN with openswan between those 2
> servers, can I let's say use this tunnel to tunnel openvpn requests and
> whole openvpn traffic to destination server (both servers have public IP).

It's not so theoretical. It's basically what certain governments and 
militaries do (an encrypted tunnel in an encrypted tunnel using different 
technologies); the same fault is not likely to be found in both.

I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP 
traffic. If you set up IPSEC with the proper LAN addresses at each end and use 
the private (or internal) server address, then it should work. Don't configure 
OpenVPN to use the servers' public addresses, and be sure to use different 
encryption algorithms.
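
A small consistency check for the setup described in the reply above, added here as an example and not part of the original message: it confirms that OpenVPN is bound to an address inside the IPsec-protected subnets and that the two layers do not name the same cipher family. The addresses, cipher choices and function names are constructed for illustration, and the cipher comparison is a simple name-prefix heuristic.

```python
import ipaddress
import re

# Constructed sample configs; addresses are documentation/private ranges.
IPSEC_CONF = """conn site-to-site
    left=203.0.113.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.20
    rightsubnet=10.2.0.0/24
    esp=aes256-sha1
"""
OPENVPN_CONF = """local 10.2.0.1
port 1194
proto udp
cipher BF-CBC
"""

def parse_ipsec(text):
    """key=value options of one ipsec.conf conn section."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {k.strip(): v.strip() for k, v in (p for p in pairs if len(p) == 2)}

def parse_openvpn(text):
    """{directive: [args]} from an OpenVPN config file."""
    rows = (l.split("#", 1)[0].split() for l in text.splitlines())
    return {r[0]: r[1:] for r in rows if r}

def family(name):
    """Rough cipher family: letters of the first dash-separated token."""
    return re.sub(r"[^a-z]", "", name.lower().split("-")[0])

def check(ipsec_text, ovpn_text):
    """Return a list of problems; an empty list means the layering looks right."""
    ipsec, ovpn = parse_ipsec(ipsec_text), parse_openvpn(ovpn_text)
    nets = [ipaddress.ip_network(ipsec[k]) for k in ("leftsubnet", "rightsubnet")]
    local = (ovpn.get("local") or [None])[0]
    esp, cipher = ipsec.get("esp", ""), (ovpn.get("cipher") or [""])[0]
    problems = []
    if local is None:
        problems.append("no 'local': OpenVPN listens on all addresses, public included")
    elif not any(ipaddress.ip_address(local) in n for n in nets):
        problems.append(f"local {local} is outside the IPsec-protected subnets")
    if esp and cipher and family(esp) == family(cipher):
        problems.append(f"both layers use {family(esp)}: {esp} / {cipher}")
    return problems

if __name__ == "__main__":
    print(check(IPSEC_CONF, OPENVPN_CONF) or "layering looks consistent")
```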
