[Openswan Users] Site-to-site + OpenVPN

Simon Deziel simon at xelerance.com
Wed May 8 22:39:05 UTC 2013


On 13-05-08 05:13 PM, Neal Murphy wrote:
> On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
>> Hello,
>> this is theoretical question:
>> Let's say i have 2 servers, intermediary server and destination openvpn
>> server. If i establish site-to-site VPN with openswan between those 2
>> servers, can i let's say use this tunnel to tunnel openvpn requests and
>> whole openvpn traffic to destination server (both server have public IP).
> It's not so theoretical. It's basically what certain governments and 
> militaries do (an encrypted tunnel in an encrypted tunnel using different 
> technologies); the same fault is not likely to be found in both.
> I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP 
> traffic. If you set up IPSEC with the proper LAN addresses at each end and use 
> the private (or internal) server address, then it should work. Don't configure 
> OpenVPN to use the servers' public addresses, and be sure to use different 
> encryption algorithms.

I'd also recommend using transport mode instead of tunnel mode because
of the lower overhead in terms of payload.


More information about the Users mailing list