[Openswan Users] Site-to-site + OpenVPN
Leto
letoams at gmail.com
Wed May 8 23:13:45 UTC 2013
You cannot use transport in this scenario unless you double NAT it.
On 2013-05-08, at 18:39, Simon Deziel <simon at xelerance.com> wrote:
> Hi,
>
> On 13-05-08 05:13 PM, Neal Murphy wrote:
>> On Wednesday, May 08, 2013 04:02:34 PM Damir Reic wrote:
>>> Hello,
>>>
>>> This is a theoretical question:
>>>
>>> Let's say I have 2 servers, an intermediary server and a destination OpenVPN
>>> server. If I establish a site-to-site VPN with Openswan between those 2
>>> servers, can I, let's say, use this tunnel to tunnel OpenVPN requests and the
>>> whole OpenVPN traffic to the destination server (both servers have public IPs)?
>>
>> It's not so theoretical. It's basically what certain governments and
>> militaries do (an encrypted tunnel in an encrypted tunnel using different
>> technologies); the same fault is not likely to be found in both.
>>
>> I believe OpenVPN uses UDP packets (port 1194 by default); it's ordinary IP
>> traffic. If you set up IPSEC with the proper LAN addresses at each end and use
>> the private (or internal) server address, then it should work. Don't configure
>> OpenVPN to use the servers' public addresses, and be sure to use different
>> encryption algorithms.
>
> I'd also recommend using transport mode instead of tunnel mode because
> of the lower overhead in terms of payload.
>
> Simon