[Openswan Users] Site-to-site + OpenVPN
Simon Deziel
simon at xelerance.com
Wed May 8 22:39:05 UTC 2013
Hi,
On 13-05-08 05:13 PM, Neal Murphy wrote:
> On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
>> Hello,
>>
>> this is a theoretical question:
>>
>> Let's say I have 2 servers, an intermediary server and a destination OpenVPN
>> server. If I establish a site-to-site VPN with Openswan between those 2
>> servers, can I, let's say, use this tunnel to tunnel OpenVPN requests and the
>> whole OpenVPN traffic to the destination server (both servers have a public IP)?
>
> It's not so theoretical. It's basically what certain governments and
> militaries do (an encrypted tunnel in an encrypted tunnel using different
> technologies); the same fault is not likely to be found in both.
>
> I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP
> traffic. If you set up IPSEC with the proper LAN addresses at each end and use
> the private (or internal) server address, then it should work. Don't configure
> OpenVPN to use the servers' public addresses, and be sure to use different
> encryption algorithms.

I'd also recommend using transport mode instead of tunnel mode because
of the lower overhead in terms of payload.

Simon
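
The overhead difference between the two modes can be worked out per packet. The following is an added example, not part of the original message: it computes the bytes ESP adds to one OpenVPN UDP datagram in transport and in tunnel mode. It assumes IPv4 without options, no NAT-T encapsulation, and AES-CBC with HMAC-SHA1-96 (the thread names no cipher suite); the function names are hypothetical.

```python
# Added example: ESP per-packet overhead, transport vs tunnel mode.
# Assumptions (not from the thread): IPv4 without options, no NAT-T,
# AES-CBC (16-byte IV and block) with HMAC-SHA1-96 (12-byte ICV).

IPV4_HDR = 20     # IPv4 header, no options
UDP_HDR = 8       # UDP header of the OpenVPN datagram
ESP_HDR = 8       # SPI + sequence number (RFC 4303)
ESP_TRAILER = 2   # pad-length byte + next-header byte


def esp_wire_len(inner_len, mode, iv=16, block=16, icv=12):
    """On-wire IPv4 length after ESP, given the original IP packet length."""
    if mode == "tunnel":
        # The whole original packet, IP header included, is encrypted
        # and a new outer IP header is prepended.
        protected = inner_len
    elif mode == "transport":
        # Only the layer-4 part is encrypted; the original IP header is reused.
        protected = inner_len - IPV4_HDR
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    # Pad so that protected data + padding + trailer fills whole cipher blocks.
    pad = -(protected + ESP_TRAILER) % block
    return IPV4_HDR + ESP_HDR + iv + protected + pad + ESP_TRAILER + icv


def esp_overhead(udp_payload, mode, **suite):
    """Bytes added by ESP to an OpenVPN datagram with udp_payload data bytes."""
    inner = IPV4_HDR + UDP_HDR + udp_payload
    return esp_wire_len(inner, mode, **suite) - inner


def compare(payload_sizes):
    """Return (payload, transport overhead, tunnel overhead) per size."""
    return [(n, esp_overhead(n, "transport"), esp_overhead(n, "tunnel"))
            for n in payload_sizes]


if __name__ == "__main__":
    # Constructed sample sizes for OpenVPN UDP payloads.
    for n, transport, tunnel in compare([100, 1000, 1400]):
        print(f"payload {n:5d}: transport +{transport}  tunnel +{tunnel}")
```

Under these assumptions tunnel mode costs 16 or 32 bytes more per packet than transport mode, depending on how the extra 20-byte inner IP header interacts with block padding.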