[Openswan Users] Site-to-site + OpenVPN

Leto letoams at gmail.com
Wed May 8 23:13:45 UTC 2013

you cannot use transport in this scenario unless you double NAT it

sent from a tiny device 

On 2013-05-08, at 18:39, Simon Deziel <simon at xelerance.com> wrote:

> Hi,
> On 13-05-08 05:13 PM, Neal Murphy wrote:
>> On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
>>> Hello,
>>> this is theoretical question:
>>> Let's say i have 2 servers, intermediary server and destination openvpn
>>> server. If i establish site-to-site VPN with openswan between those 2
>>> servers, can i let's say use this tunnel to tunnel openvpn requests and
>>> whole openvpn traffic to destination server (both server have public IP).
>> It's not so theoretical. It's basically what certain governments and 
>> militaries do (an encrypted tunnel in an encrypted tunnel using different 
>> technologies); the same fault is not likely to be found in both.
>> I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP 
>> traffic. If you set up IPSEC with the proper LAN addresses at each end and use 
>> the private (or internal) server address, then it should work. Don't configure 
>> OpenVPN to use the servers' public addresses, and be sure to use different 
>> encryption algorithms.
> I'd also recommend using transport mode instead of tunnel mode because
> of the lower overhead in terms of payload.
> Simon
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list