[Openswan Users] Site-to-site + OpenVPN

Simon Deziel simon at xelerance.com
Mon May 13 15:41:31 UTC 2013

On 13-05-13 11:26 AM, Damir Reic wrote:
>> On 13-05-13 11:17 AM, Damir Reic wrote:
>>>>> I have 2 OpenVPN services on the end server bound to the WAN IP. Ports used
>>>>> are TCP
>>>>> 443 and UDP 1194. I have iptables rules to forward requests on some
>>>>> other ports (TCP 80, UDP 443, UDP 80, UDP 4500, UDP 5632) to one
>>>>> of those 2 configured ports. That is working fine. Now I established a
>>>>> site-to-site VPN over openswan in tunnel mode between the 1st server and the
>>>>> end server.
>>>> If your OpenVPN session is already running over an IPsec tunnel I
>>>> think
>>>> the
>>>> rest of the discussion should be moved to the OpenVPN mailing list [1].
>>> OpenVPN is not running over IPsec yet because I don't know how I can
>>> tell the 1st server to push traffic destined for OpenVPN through the IPsec
>>> tunnel.
>> Your OpenVPN connection isn't established?
> No it is not.
> iptables -t nat -A PREROUTING -p udp -d --dport 1191 -j REDIRECT  -
> missing the rest of the rule

We are missing context to make sense of this traffic redirection rule.
Assuming OpenSwan is running on the same boxes as your IPsec endpoints,
few iptables rules should be involved and probably none in PREROUTING.

> Now I don't know how to push this traffic inside the tunnel (I don't even know
> if it is possible with iptables). is, let's say, the 1st server, is the
> server on the other end of the tunnel on which OpenVPN is.

Please show your IPsec configs from both sides.
