[Openswan Users] Site-to-site + OpenVPN
letoams at gmail.com
Wed May 8 23:13:45 UTC 2013
You cannot use transport in this scenario unless you double NAT it.
sent from a tiny device
On 2013-05-08, at 18:39, Simon Deziel <simon at xelerance.com> wrote:
> On 13-05-08 05:13 PM, Neal Murphy wrote:
>> On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
>>> This is a theoretical question:
>>> Let's say I have 2 servers, an intermediary server and a destination OpenVPN
>>> server. If I establish a site-to-site VPN with Openswan between those 2
>>> servers, can I, let's say, use this tunnel to tunnel OpenVPN requests and
>>> the whole OpenVPN traffic to the destination server (both servers have public IPs)?
>> It's not so theoretical. It's basically what certain governments and
>> militaries do (an encrypted tunnel in an encrypted tunnel using different
>> technologies); the same fault is not likely to be found in both.
>> I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP
>> traffic. If you set up IPSEC with the proper LAN addresses at each end and use
>> the private (or internal) server address, then it should work. Don't configure
>> OpenVPN to use the servers' public addresses, and be sure to use different
>> encryption algorithms.
> I'd also recommend using transport mode instead of tunnel mode because
> of the lower overhead in terms of payload.
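Added example, not part of the original thread: a minimal sketch of the layout discussed above, with the IPsec connection in tunnel mode between the two gateways' private subnets and OpenVPN bound to the private address so its traffic only travels inside the tunnel. All addresses, the connection name and the choice of a pre-shared key are assumptions made for illustration.

```conf
# ---- /etc/ipsec.conf on the intermediary server ----
# Addresses are constructed: 192.0.2.10 / 198.51.100.20 stand in for the
# two public IPs, 10.0.1.0/24 and 10.0.2.0/24 for the private LANs.
conn intermediary-to-destination      # hypothetical connection name
    type=tunnel                       # tunnel mode, as the top reply requires
    left=192.0.2.10                   # intermediary, public address
    leftsubnet=10.0.1.0/24            # intermediary, private LAN
    leftsourceip=10.0.1.1             # gateway's own traffic uses its LAN address
    right=198.51.100.20               # destination, public address
    rightsubnet=10.0.2.0/24           # destination, private LAN
    authby=secret                     # assumption: PSK kept in /etc/ipsec.secrets
    auto=start

# ---- OpenVPN server config on the destination server ----
# Listen only on the private address, never on the public one.
local 10.0.2.1
port 1194
proto udp

# ---- OpenVPN config on the peer that connects through the tunnel ----
# Target the destination's private address so packets match the IPsec policy.
remote 10.0.2.1 1194
proto udp
```

Because OpenVPN is bound to 10.0.2.1, a packet arriving on the public interface for UDP 1194 finds no listener, which makes a misrouted (unprotected) path fail visibly instead of silently bypassing IPsec.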