Re: openswan vpn

From: Alex Harsch (infodude_at_gmx.de)
Date: 08/31/04


Date: Tue, 31 Aug 2004 18:40:45 +0200

Luke Matthews wrote:

> I need to set up a vpn connection between, let's say company A and
> company B. I work for company A, and company B has told us that we
> can use whatever software we want as long as it is IPSec compliant.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
They didn't say that, did they?
> I
> was having a look around and came across http://www.openswan.org. So
> does openswan do the client end as well, or does it only do the server
> part? Or is it just both? I was thinking about using it to set up the
> connection from company A to company B, but wanted to know for sure
> if this is doable before going through the trouble. On the openswan site
> it says it's "an implementation of IPsec for Linux" so I'm guessing it
> would do exactly what I need, but I'm a total noob when it comes to any
> kind of VPN stuff.
I think you can not speak about a server or client. You have to establish a
tunnel and transfer data. So a gateway is actually both.
>
> I have no idea if this would connect to another Linux box or Windows
> box, wasn't given all the details yet, but would like to find a solid
> solution and start figuring out how to get it all set up. I want it so
> that when I have all the connection specifics I can set it up in the
> shortest amount of time possible. Am I steering myself in the right
> direction here? Any thoughts on the matter would be appreciated, thanks!
This could work. But it definitely depends on the ipsec implementation on the
other side. There are so many vendor-specific implementations that could
give you a hard time or make it even impossible. For example, the
Watchguard box in my company's office will accept connections from clients
with dynamic IPs only using the aggressive mode negotiations. Most
implementations find this to be insecure and don't implement it. Bad luck.
>
> On a side note, I tried out openvpn and successfully made a connection
> between two test machines before reading that it isn't IPSec
> compliant...doh! lol
>
> --Luke
You're probably best off biting the bullet and starting out with freeswan. It is
a little bit harder to configure but can do all the stuff you will need.

Good luck, Luke.

Regards, Alex


